
svchost.exe*32 virus [Solved]


  • This topic is locked

#1
wyrdaar


    Member

  • 19 posts
The virus I have is a virus that mimics the svchost system in Windows. I have tried many different virus scanners and nothing removes it. I have tried Malwarebytes Anti-Malware, System Mechanic, Spybot, HitmanPro, McAfee, and Norton 360. It is completely invisible to Norton and System Mechanic. Are there any manual ways to get rid of it or any other scanners I haven't tried yet? The virus itself tries to compete with the other svchost files and causes my computer to run much slower. I can end its process constantly but it just pops back up. Any help will be greatly appreciated.
  • 0



#2
CompCav


    Member 5k

  • Expert
  • 12,448 posts
Hi, wyrdaar! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop, and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0
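
One way to triage the process section of an OTL log for the symptom this thread is about, a process borrowing the svchost.exe name. This is an added example, not part of the original posts and not OTL's own code; the log lines are constructed in OTL's PRC line format, and the expected-directory table assumes a default install with %SystemRoot% = C:\Windows.

```python
import re

# File names from the /md5start ... /md5stop list in the instructions above.
# The directories are an assumption: default install, %SystemRoot% = C:\Windows.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# PRC - [modified | size | attributes | M] (company) -- image path
PRC_LINE = re.compile(
    r"^PRC - \[(?P<modified>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Constructed sample lines (not taken from a real machine).
SAMPLE_LOG = r"""
PRC - [2012/01/05 10:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2012/01/05 10:00:00 | 002,871,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/02/01 09:30:00 | 000,512,000 | ---- | M] (Example Vendor) -- C:\Program Files (x86)\Example\updater.exe
PRC - [2012/03/01 12:00:00 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2012/03/02 12:00:00 | 000,045,056 | ---- | M] () -- C:\Users\Example\AppData\Roaming\svchost.exe
"""


def parse_prc(line):
    """Parse one PRC line into a dict, or return None for any other line."""
    m = PRC_LINE.match(line.strip())
    if not m:
        return None
    return {
        "modified": m["modified"],
        "size": int(m["size"].replace(",", "")),
        "company": m["company"].strip(),
        "path": m["path"].strip(),
    }


def reasons_for(entry):
    """Return the reasons a process entry deserves a closer look (empty if none)."""
    path = entry["path"]
    # Split by hand so device-namespace paths are handled the same everywhere.
    directory, _, name = path.lower().rpartition("\\")
    reasons = []
    if path.startswith(("\\\\.\\", "\\\\?\\")):
        reasons.append("device-namespace path")
    if name in EXPECTED_DIRS:
        if directory not in EXPECTED_DIRS[name]:
            reasons.append("system file name outside its expected directory")
        # Assumption: an empty "()" field means the file carries no company name.
        if not entry["company"]:
            reasons.append("no company name in file version info")
    return reasons


def triage(log_text):
    """Return (path, reasons) for every PRC entry that matches a check."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_prc(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

A flagged entry is a lead for the helper to confirm with the MD5 and rootkit scans requested above, not a verdict on its own.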

#3
wyrdaar


    Member

  • Topic Starter
  • 19 posts
Attached File  OTL.Txt   148.59KB   86 downloads



  • 0

#4
CompCav


    Member 5k

  • Expert
  • 12,448 posts
In the future please:

Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.

OTL logfile created on: 8/10/2012 9:52:40 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 59.08% Memory free
7.50 Gb Paging File | 5.12 Gb Available in Paging File | 68.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 182.55 Gb Free Space | 40.49% Space Free | Partition Type: NTFS
Drive D: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 09:11:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2012/08/04 12:22:40 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012/08/02 15:11:17 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/08/02 13:34:52 | 001,433,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
PRC - [2012/08/02 11:25:10 | 001,027,792 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/08/02 01:02:23 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/08/02 01:02:14 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/01 07:28:37 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/07/19 11:19:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/14 08:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/06/04 23:21:13 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/14 13:51:32 | 002,039,536 | ---- | M] (GameStop Corp.) -- C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 11:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/02 15:11:17 | 009,465,032 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/08/02 01:02:25 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/08/02 01:02:14 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/08/01 07:28:30 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/01 07:28:15 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/01 07:28:14 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/01 07:28:14 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/01 07:28:14 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/07/19 11:19:31 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 11:49:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 11:48:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:48:49 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 11:48:42 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/10 11:54:18 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/09 14:08:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 14:03:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 14:03:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 14:03:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 14:03:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 14:02:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV:64bit: - [2012/05/25 12:53:24 | 000,180,576 | ---- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2012/05/25 12:53:20 | 000,119,136 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2012/05/25 12:53:12 | 000,121,184 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2012/05/19 13:36:41 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/02 15:11:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 11:25:10 | 001,027,792 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/08/02 01:02:23 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/08/01 07:28:37 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/07/19 11:19:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/10 10:41:35 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/14 08:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/06/04 23:21:13 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/03/05 20:53:42 | 000,667,744 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2011/11/08 00:15:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/02 11:21:22 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/08/02 01:02:26 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/04 23:21:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/06/04 23:21:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/05/25 12:58:30 | 000,173,408 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2012/05/25 12:58:28 | 001,496,416 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2012/05/19 13:38:06 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/05/19 13:38:06 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/05/19 13:37:47 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/14 22:16:27 | 000,639,280 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/04/10 12:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/08 01:48:16 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/08 01:48:16 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/10/20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/30 23:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 05:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..\SearchScopes\{62AECD46-AA2D-46DD-BB29-F6643981DF6F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-08-02 01:02:28&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://g.msn.com/USCON/1"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/11/08 00:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/08 00:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/11/08 00:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/08/02 01:02:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 11:19:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 11:19:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/28 02:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/08/06 00:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1txrb901.default\extensions
[2012/04/30 12:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/30 19:33:01 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/07/30 19:33:00 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2012/07/19 11:19:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/02 01:02:11 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/18 16:03:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 16:03:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001..\Run: [Akamai NetSession Interface] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001..\Run: [Apps] C:\Users\Chris\AppData\Local\Darksiders\Apps\mibhoh.dll (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\iavlsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\iavlsp64.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\iavlsp64.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B392F1B-69A8-4408-808A-857501883CE5}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\WINDOWS\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/14 22:40:19 | 000,000,063 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012/03/16 16:16:54 | 006,233,888 | R--- | M] (En Masse Entertainment) - D:\autorun.exe -- [ UDF ]
O33 - MountPoints2\{ead85648-09e6-11e1-b34e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ead85648-09e6-11e1-b34e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2012/03/16 16:16:54 | 006,233,888 | R--- | M] (En Masse Entertainment)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 16:50:22 | 000,082,160 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\PDFsFilter.sys
[2012/08/09 00:53:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Raiderz
[2012/08/09 00:53:34 | 004,622,336 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2012/08/09 00:52:59 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2012/08/09 00:26:24 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/08/08 16:10:28 | 3455,620,581 | ---- | C] (Perfect World Entertainment) -- C:\Users\Chris\Desktop\Raiderz_201208061644_Setup.exe
[2012/08/06 10:55:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\.techniclauncher
[2012/08/06 00:30:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Darksiders
[2012/08/06 00:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/08/05 23:17:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DC340143-5F40-4A6C-AB08-50522EA5E797}
[2012/08/05 23:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/08/02 01:02:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\AVG Secure Search
[2012/08/02 01:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/02 01:02:26 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 01:02:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2012/08/02 01:02:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 01:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/08/02 01:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/08/02 01:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/02 01:02:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/08/02 01:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/08/02 01:01:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Wajam
[2012/08/02 01:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/08/02 01:01:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/30 19:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/07/30 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
[2012/07/30 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/07/27 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\The Lord of the Rings Online
[2012/07/27 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\The Lord of the Rings Online
[2012/07/27 23:06:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Turbine
[2012/07/27 23:02:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ApplicationHistory
[2012/07/27 22:59:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/07/27 22:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012/07/27 22:58:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Star Trek ST.17.20120318a.9
[2012/07/27 22:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012/07/27 20:40:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\LOTRO Standard Res Install Files EN
[2012/07/27 19:34:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2012/07/23 17:23:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\GameStop
[2012/07/22 19:17:21 | 001,496,416 | R--- | C] (Commtouch, Inc.) -- C:\Windows\SysNative\drivers\ampse.sys
[2012/07/22 19:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Authentium
[2012/07/22 19:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
[2012/07/22 19:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Authentium
[2012/07/22 19:17:12 | 000,118,784 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\iavlsp.dll
[2012/07/22 19:17:03 | 002,154,576 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
[2012/07/22 19:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
[2012/07/22 19:17:02 | 002,096,360 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
[2012/07/22 19:16:59 | 000,056,472 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
[2012/07/22 19:16:59 | 000,025,072 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
[2012/07/22 19:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2012/07/22 19:07:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\iolo
[2012/07/22 19:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012/07/17 07:47:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\MicrosoftStore
[2012/07/12 21:42:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Guild Wars
[2012/07/12 21:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012/07/12 21:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/10 09:50:21 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/08/10 09:11:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 19:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 17:33:00 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 17:33:00 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 17:25:52 | 000,000,408 | ---- | M] () -- C:\Windows\SysWow64\iolo.ini
[2012/08/09 17:25:52 | 000,000,408 | ---- | M] () -- C:\Windows\SysNative\iolo.ini
[2012/08/09 17:24:13 | 000,001,202 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2012/08/09 17:22:37 | 3019,091,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 16:50:26 | 000,002,273 | ---- | M] () -- C:\Users\Chris\Desktop\System Mechanic Professional.lnk
[2012/08/09 16:49:47 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2012/08/09 13:28:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/09 00:26:30 | 000,000,725 | ---- | M] () -- C:\Users\Public\Desktop\Launch RaiderZ.lnk
[2012/08/08 18:02:21 | 3455,620,581 | ---- | M] (Perfect World Entertainment) -- C:\Users\Chris\Desktop\Raiderz_201208061644_Setup.exe
[2012/08/06 00:18:49 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012/08/06 00:18:49 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders Soundtrack.lnk
[2012/08/04 12:22:13 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/02 12:45:44 | 000,056,472 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
[2012/08/02 12:45:34 | 000,025,072 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
[2012/08/02 11:27:36 | 002,154,576 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
[2012/08/02 11:27:34 | 002,096,360 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
[2012/08/02 11:21:22 | 000,082,160 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\PDFsFilter.sys
[2012/08/02 01:14:23 | 001,624,358 | ---- | M] () -- C:\Users\Chris\Desktop\mcpatcher-2.4.1_01.exe
[2012/08/02 01:03:40 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Desktop\OK
[2012/08/02 01:02:26 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 01:02:16 | 000,001,025 | ---- | M] () -- C:\Users\Chris\Desktop\WinRAR.lnk
[2012/08/01 07:30:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 18:10:07 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/07/28 00:56:35 | 000,001,183 | ---- | M] () -- C:\Users\Chris\Desktop\Star Trek Online.lnk
[2012/07/27 23:06:48 | 000,000,093 | ---- | M] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2012/07/27 23:01:49 | 000,809,452 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 23:01:49 | 000,669,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/27 23:01:49 | 000,125,362 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/27 22:59:19 | 000,002,227 | ---- | M] () -- C:\Users\Chris\Desktop\The Lord of the Rings Online.lnk
[2012/07/25 12:32:00 | 004,622,336 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2012/07/18 07:03:39 | 000,319,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 09:50:21 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/08/09 17:05:23 | 000,000,408 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2012/08/09 17:05:23 | 000,000,408 | ---- | C] () -- C:\Windows\SysNative\iolo.ini
[2012/08/09 16:49:47 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2012/08/09 00:52:58 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2012/08/09 00:26:30 | 000,000,725 | ---- | C] () -- C:\Users\Public\Desktop\Launch RaiderZ.lnk
[2012/08/06 00:18:49 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012/08/06 00:18:49 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders Soundtrack.lnk
[2012/08/02 01:14:14 | 001,624,358 | ---- | C] () -- C:\Users\Chris\Desktop\mcpatcher-2.4.1_01.exe
[2012/08/02 01:02:16 | 000,001,025 | ---- | C] () -- C:\Users\Chris\Desktop\WinRAR.lnk
[2012/08/02 01:01:44 | 000,000,000 | ---- | C] () -- C:\Users\Chris\Desktop\OK
[2012/07/28 00:56:34 | 000,001,183 | ---- | C] () -- C:\Users\Chris\Desktop\Star Trek Online.lnk
[2012/07/27 23:06:48 | 000,000,093 | ---- | C] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2012/07/27 22:59:19 | 000,002,227 | ---- | C] () -- C:\Users\Chris\Desktop\The Lord of the Rings Online.lnk
[2012/07/22 19:17:13 | 000,160,256 | ---- | C] () -- C:\Windows\SysNative\iavlsp64.dll
[2012/07/22 19:17:04 | 000,002,273 | ---- | C] () -- C:\Users\Chris\Desktop\System Mechanic Professional.lnk
[2012/06/04 23:21:15 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/04 23:21:13 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/04 23:21:13 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/19 13:37:41 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/19 13:37:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/19 13:37:30 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/14 22:34:11 | 000,017,408 | ---- | C] () -- C:\Users\Chris\AppData\Local\WebpageIcons.db
[2012/05/14 11:35:14 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/03/19 18:51:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/06 01:47:40 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/03/06 01:26:53 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr(1).exe
[2012/02/23 11:51:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/11/08 01:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/30 23:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/30 23:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/02/10 09:10:51 | 000,809,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/08/02 01:14:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft
[2012/08/06 10:58:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.techniclauncher
[2012/02/23 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Fingertapps
[2012/03/08 17:50:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeTorrentDownloader
[2012/08/09 13:43:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\iolo
[2012/02/23 11:49:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2012/02/23 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCDr
[2012/04/24 04:39:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client
[2012/05/29 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Stardock
[2012/07/17 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP
[2012/02/23 12:12:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangentv1000
[2012/08/04 12:22:13 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/14 11:17:12 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/09 13:28:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/11/08 01:48:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/11/08 01:48:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\explorer.exe
[2011/11/08 01:48:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/11/08 01:48:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/11/08 01:48:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\SysWOW64\explorer.exe
[2011/11/08 01:48:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2012/04/03 22:53:58 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx

< MD5 for: SERVICES.ASFX1 >
[2010/11/15 20:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1

< MD5 for: SERVICES.ASFX10 >
[2010/11/15 20:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10

< MD5 for: SERVICES.ASFX11 >
[2010/11/15 20:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11

< MD5 for: SERVICES.ASFX12 >
[2010/11/15 20:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12

< MD5 for: SERVICES.ASFX13 >
[2010/11/15 20:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13

< MD5 for: SERVICES.ASFX14 >
[2010/11/15 20:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14

< MD5 for: SERVICES.ASFX15 >
[2010/11/15 20:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15

< MD5 for: SERVICES.ASFX16 >
[2010/11/15 20:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16

< MD5 for: SERVICES.ASFX17 >
[2010/11/15 20:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17

< MD5 for: SERVICES.ASFX18 >
[2010/11/15 20:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18

< MD5 for: SERVICES.ASFX19 >
[2010/11/15 20:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19

< MD5 for: SERVICES.ASFX2 >
[2010/11/15 20:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2

< MD5 for: SERVICES.ASFX20 >
[2010/11/15 20:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20

< MD5 for: SERVICES.ASFX21 >
[2010/11/15 20:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21

< MD5 for: SERVICES.ASFX22 >
[2010/11/15 20:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >
[2010/11/15 20:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >
[2010/11/15 20:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >
[2010/11/15 20:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >
[2010/11/15 20:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >
[2010/11/15 20:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >
[2010/11/15 20:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >
[2010/11/15 20:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >
[2010/11/15 20:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >
[2010/11/15 20:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >
[2010/11/15 20:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2012/04/03 22:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/15 20:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 00:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 00:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/05/09 02:49:03 | 000,000,808 | ---- | M] () MD5=D089BFF3CF003CE11F0E1D41ECC1A9D0 -- C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EA5N8GFB\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 00:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 00:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\services.msc
[2010/11/21 00:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 00:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2012/04/10 12:04:32 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\WINDOWS\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >




OTL Extras logfile created on: 8/10/2012 9:52:40 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 59.08% Memory free
7.50 Gb Paging File | 5.12 Gb Available in Paging File | 68.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 182.55 Gb Free Space | 40.49% Space Free | Partition Type: NTFS
Drive D: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4102987237-965059444-1089211783-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{180D5D8F-D849-4D50-B84F-68B108F72445}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1999F2A3-6487-4D13-8900-2D0D2F3D2B2A}" = rport=139 | protocol=6 | dir=out | app=system |
"{347F2485-9DCE-480B-9401-BA48B169CBAD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4224159C-9AB0-4EDF-86F1-5875497FF03E}" = lport=138 | protocol=17 | dir=in | app=system |
"{455217C1-37CE-4A24-B9A9-1CA6EC049AAC}" = lport=137 | protocol=17 | dir=in | app=system |
"{50C85B34-60A5-4397-B6A1-30CC96AFFEFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53CF159E-44D6-44D0-86C6-8702B7780E2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63C599B4-A37F-4502-98C7-C862A0F406E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{64BEDAEB-C2F6-44CE-BFC3-42C6DA52DD1C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F64B727-C0BA-4DF4-BAB5-5EDC0D7A64E9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{70BB298D-7BC3-4DBE-A7DD-9C1D79E9FE02}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8561ADE8-7BD1-42A0-B66E-FDF0CA8E2515}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86F7BA4F-B483-476C-828D-FA59DF22D358}" = lport=445 | protocol=6 | dir=in | app=system |
"{8D252AB2-2F21-4928-BDA5-08E3EBEF02F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{92157417-3433-4E67-A99B-1AB03DBA314D}" = lport=139 | protocol=6 | dir=in | app=system |
"{9595E236-6B51-407A-B63F-E09214B46BF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9FFE747C-ECCF-428D-814D-A435A4064C9A}" = lport=63497 | protocol=6 | dir=in | name=akamai netsession interface |
"{AE10203C-7BDF-4FDF-9285-60D6BC542F3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5F316BD-6D9B-4920-9556-7A24217D837A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C2DAFCBE-9DA6-4AEE-9C7A-3D37A5EFB61B}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0700A9E-CAD3-44B5-AFEA-33F40D886B9B}" = rport=137 | protocol=17 | dir=out | app=system |
"{D6308F17-6B64-41DE-B7AE-F1351F169252}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DE10BA41-37B3-437F-A740-6981E83B7C1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FAD27E35-4539-4A99-A271-9D27C70EE218}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC98EAFA-A45C-42E5-8ED8-78E8A82DC4E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FF722E3B-CD34-48AC-8171-DCCE67442029}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02572981-CA7B-48C2-9D10-CA226E651ACC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{056DD167-AAA1-4591-ABE5-CE63ABAAA7E5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{08DCF603-4C6A-4479-95E6-BDA45F09E6D6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0E93E14C-07DA-411A-9102-C0D457C1A300}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{112060DC-8B31-4C4D-BEC9-DFD19965AE2F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{121E7C4A-4E27-45DD-892F-A84E5F08BF1F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{17BEFF27-1B84-4FD1-A555-6C28D813361A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1BD0DF54-72CD-41EA-A719-A355AC3A74F8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CA3378C-438E-4200-98BC-50EB6EBC80BC}" = protocol=17 | dir=out | app=c:\users\public\games\tera\client\tl.exe |
"{1F49030A-F772-41AF-A4CA-3E6282AFE361}" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"{20CF7DC0-8042-4BAD-ABD5-418E6C0820F5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{24774CEE-6C24-476C-9603-F64FD0053512}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2617DC8A-4102-4520-8687-4F4D0DE57A92}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\hawx2.exe |
"{27A07FF1-DD6D-46E2-9125-E31B67D30C93}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{286634C4-A86D-46A4-AE2D-ADC34224258C}" = protocol=17 | dir=in | app=c:\users\public\games\tera\client\tera.exe |
"{2928B3BA-F785-4233-B516-6C6F7333DD8D}" = protocol=17 | dir=out | app=c:\users\public\games\tera\tera-launcher.exe |
"{2DA09D22-7947-4939-B48D-730BECFD0197}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{30D6923E-2E02-4B6A-B839-4B548EE61023}" = protocol=6 | dir=out | app=c:\users\public\games\tera\tera-launcher.exe |
"{31E7B037-F0FB-4306-B79D-EDE96FA4FC73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3205AB20-003B-4FCF-B564-8915B36D56BF}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{333CF1BA-2931-4555-B116-639B89144B6C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3419C26F-D06A-48A2-BD07-E454052E508C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\hawx2_dx11.exe |
"{38C9E166-16D7-4F92-9D98-8D15E1A6FF94}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{39D046B6-1AA8-4CF1-956C-A1F986C92C48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{3AC2067D-DCD7-4F28-B58D-0FB80BF80016}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3C990328-7580-4241-B4BE-085810C469EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{3E04B7A4-110F-4F8D-BCB0-794B8FB34384}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{40725DDD-7C2E-4BCF-B113-BD3BB3F21F74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{41BFE1F4-776E-476D-9F12-5642CC098780}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{469255C5-EA14-4168-9333-11EC395AC140}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49ECD968-8046-4ACC-904B-40EA9D726A54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4A38AF35-203C-47A2-BD23-6B90E6BA444D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{4CB4A3D6-88E2-4576-AED2-023401757B43}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4E3762F1-D9DF-432B-BF59-7787E27FD6CB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{501BF924-CB9B-467B-868B-88C0BEB273B3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50B62DCF-99D5-41C6-A888-73D3F8F0B2C5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{51F5B484-031D-4F99-A5BD-065398253D67}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{52CA08C0-0FAD-4F50-BA80-5AE4C71805AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{53CA6F2D-B7D2-4337-B117-C3E230C9BFF5}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{58C9B3B5-D33E-495F-B488-8255BF466AF1}" = protocol=1 | dir=in | [email protected],-28543 |
"{5F4CA3C2-AA4A-4D53-B0ED-9514708B7359}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5F5507AE-E6B6-4791-861C-551825E38ABC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{607341C8-EBF5-4ED7-91D2-A22E222AFB51}" = protocol=6 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{6360D7F1-078D-466D-A8E4-5943F4989F08}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{6483F5BA-8043-4FE3-91CA-E96E63E67B8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{660A001C-A21C-4B47-91F9-C4865EC1C766}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{6CFF6BE3-C733-4376-98B8-C6B6D59E5CE4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7134A82F-046E-4D4A-9BA1-143075953136}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7210143B-6C8D-4E78-B1EF-FABD03D19F7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7483834D-E334-4016-9DF0-5380EC292CEC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\hawx2_dx11.exe |
"{74A9B508-E5DE-4038-8593-5809A56C30DB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{75BE5750-BC30-4C1B-99E0-30B6A23CD004}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{75D256FF-6D66-497F-80D5-77EEF20B3823}" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"{768E2BC6-3258-4763-BC3A-C44643C7EE4A}" = protocol=1 | dir=out | [email protected],-28544 |
"{76E40256-20A9-48B0-936C-E33DDA9BA8A7}" = protocol=6 | dir=in | app=c:\users\public\games\tera\client\tl.exe |
"{7BF2E7A4-89A4-4CA9-B45C-F6CECE2B9E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E5AC0C9-8572-4EE5-9B3C-F323F9D9F61B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8014452D-92F3-4EE4-B002-8EF9D318729C}" = protocol=6 | dir=out | app=c:\users\public\games\tera\client\tera.exe |
"{811ECF82-38E7-4BA5-975C-845E9DFE7E87}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{87F5655B-5907-4F1A-9CE9-D839F53C816E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8869779A-D839-47CB-B8D1-935C8EBF3131}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\hawx2.exe |
"{895266F6-DA2D-471F-8919-7ED54D550C3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{89B1567F-57A7-4404-B9E5-068AC39868FB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8D384168-23E8-459A-AA60-6CCD0FF6DF10}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{8F76DCF7-92C8-4968-9FF9-9460E75F9418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{997CAE17-757F-439C-80CD-7DCEC92E68EF}" = protocol=17 | dir=out | app=c:\users\public\games\tera\client\tera.exe |
"{9AB166CD-EF1E-40ED-ACE3-3B48EB75E51F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9C8136AE-926E-4E83-B6C8-A1E4B73292F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{9D8CABC2-0C4B-41E9-A916-9648491A358A}" = protocol=6 | dir=in | app=c:\users\public\games\tera\tera-launcher.exe |
"{9E1FE663-DA1A-4748-9E2D-073A2FD10F4E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9EA49509-0E4C-4648-BBE3-C18E93E1A71B}" = protocol=58 | dir=in | [email protected],-28545 |
"{B03A8AFF-1822-4F1D-A91B-DC2E20638AC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B195E77B-80A5-4B5F-98BC-9653018616E2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B262A64B-1C99-46A5-9B90-F51E439E1204}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{C5B9BA98-229E-450E-8625-EF55F18F48EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC87055A-E7EB-4DE3-9B91-0F7B7F092BC6}" = protocol=17 | dir=in | app=c:\users\public\games\tera\client\tl.exe |
"{CE0F877A-D2E7-486E-A7D3-B4362CDBF170}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D45B4F4A-09FC-45E3-BCFD-4BA1FC501140}" = protocol=17 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{D4AD1E7C-ED31-48EE-BEA2-3FCBAA800CED}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DA82847D-7C04-494A-8C77-5B8A43918365}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DB639AF8-BA6B-4891-ABB5-D58BCC86CD14}" = protocol=6 | dir=in | app=c:\users\public\games\tera\client\tera.exe |
"{DBE04CF4-BAA4-4FE4-B70E-159B39EAC893}" = protocol=58 | dir=out | [email protected],-28546 |
"{DCE16D31-99A2-4F2F-A843-024E47D993D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DDEED1C0-383C-4E96-8CC0-648AF21B09A8}" = protocol=17 | dir=in | app=c:\users\public\games\tera\tera-launcher.exe |
"{DE2BAA1C-5A3B-463A-85AC-A64DA122FF40}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{E29A8058-D457-4690-AFDD-9DF13816752C}" = protocol=6 | dir=out | app=system |
"{E6C1E82C-E6EE-470D-A6BB-3AFB791F8C2D}" = protocol=6 | dir=out | app=c:\users\public\games\tera\client\tl.exe |
"{E6F7A7D9-B673-4DE3-8AC0-DBB0177BA4AC}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{E7B7E80C-2A52-48AB-8406-467F689A30D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{E950B04D-E51C-4799-98AB-69300FE937F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E9AA3B63-5BAA-4BB8-82C9-9460BC0C201E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EB077443-3B7E-47DE-9C41-B3E89E5E7C66}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{EBADDA9E-C392-455B-A635-EA3E80A13E45}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EBCA29DA-E6EC-46B5-9EDF-717C2CAFED0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC407DFB-9E0E-42E9-9F7F-8E4C03EDC613}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{ECEC7742-FAB6-4F03-B682-C3570130F971}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{EE30A9B3-7941-4947-AFF9-D779D402C02F}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"TCP Query User{0078BCE7-4710-4DB1-9EFA-27E715EE5B8A}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"TCP Query User{0838B72C-E53B-446E-8F41-51624B7CC277}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"TCP Query User{10E9F015-9F57-42AE-B187-77D64187A52C}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{52952855-88A8-4287-9581-E7C2083F2EB7}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{574EA289-8D8F-4014-955D-9C7CAF5B585A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{948A5E22-27BA-44C2-850B-83D14F5DAB78}C:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\data\browser\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\data\browser\uplaybrowser.exe |
"TCP Query User{C931B93A-EE75-45E8-81CE-962E50EC4B5C}C:\hitech creations\aces high\aceshigh.exe" = protocol=6 | dir=in | app=c:\hitech creations\aces high\aceshigh.exe |
"TCP Query User{DF46C3E5-3D25-4BC2-BBE6-CD10CF55DBC2}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{EDD5F2FB-6D28-4BE4-AF8C-0B4D0ACDFEFF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{026E3BAD-EACC-4EA3-9DA5-F260722C1110}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{0F7BFC87-E658-45D4-A363-A864972F253A}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{0FF310EA-083B-4415-9014-209A2BE55F8C}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"UDP Query User{16B0219B-A7C8-4FD5-808B-5B9A8490A6A1}C:\hitech creations\aces high\aceshigh.exe" = protocol=17 | dir=in | app=c:\hitech creations\aces high\aceshigh.exe |
"UDP Query User{3E047342-AA86-4EC2-AE44-A1E447638EA8}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{95B22C02-7B2D-491E-B337-51B885AD588E}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{B1815C0C-22D7-4910-B4FB-0AB06A966589}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{D3A3D1A1-2340-4EC4-A93A-733E2BBD4FD0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DF26989C-E8A8-4804-B2BC-6A19B5EC42A4}C:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\data\browser\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x. 2\data\browser\uplaybrowser.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{23258CCA-EDBF-4BA6-99C8-8278848C500C}" = RaiderZ
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73685185-D43B-4046-83DC-24CDBF9F35E5}" = S4 League_EU
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{76A232AF-B7D6-41A4-B795-6B355E6D32B1}" = Tom Clancy's H.A.W.X. 2
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{823D676D-AEA7-49EE-8B67-45F315FA794B}" = S4 League_EU
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E3A0FAC-4751-4E31-B9FA-11BB3C23DFB3}" = Steam Package Installer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D78149D7-480E-4012-8071-7B68B3E02527}" = ExamGuard
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.00.8037
"Aces High" = Aces High (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AVG Secure Search" = AVG Security Toolbar
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Darksiders" = Darksiders
"Diablo III" = Diablo III
"Far Cry" = Far Cry
"Far Cry® 2 Fortune's Edition" = Far Cry® 2 Fortune's Edition
"GameStop App" = GameStop App
"GoToAssist" = GoToAssist 8.0.0.514
"Guild Wars" = Guild Wars
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PunkBusterSvc" = PunkBuster Services
"Star Trek Online" = Star Trek Online
"Steam App 50620" = Darksiders
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam Package Installer" = Steam Package Installer
"SuddenAttackNA" = SuddenAttack
"Tom Clancy's H.A.W.X.® 2 Digital Deluxe Edition" = Tom Clancy's H.A.W.X.® 2 Digital Deluxe Edition
"Vindictus" = Vindictus
"Wajam" = Wajam
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley ™
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4102987237-965059444-1089211783-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Akamai" = Akamai NetSession Interface
"SOE-Pirates of the Burning Sea" = Pirates of the Burning Sea

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2012 4:40:32 PM | Computer Name = Chris-PC | Source = Office Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004E01E Partial Pkey=6WT7D
ACID=3850c794-b06f-4633-b02f-8ac4df0a059f
Detailed
Error[?]

Error - 7/17/2012 4:42:55 PM | Computer Name = Chris-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 7/17/2012 11:15:20 PM | Computer Name = Chris-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 7/17/2012 11:16:05 PM | Computer Name = Chris-PC | Source = Office Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004E01E Partial Pkey=M2D62
ACID=3850c794-b06f-4633-b02f-8ac4df0a059f
Detailed
Error[?]

Error - 7/17/2012 11:16:08 PM | Computer Name = Chris-PC | Source = Office Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004E01E Partial Pkey=M2D62
ACID=3850c794-b06f-4633-b02f-8ac4df0a059f
Detailed
Error[?]

Error - 7/18/2012 10:04:41 AM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2012 10:09:12 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
0x004923d1 Faulting process id: 0xe0c Faulting application start time: 0x01cd6504ac318fcd
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
Id: bb1c7b52-d146-11e1-9770-d067e50728e0

Error - 7/19/2012 2:14:29 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/20/2012 9:32:41 AM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2012 3:41:49 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

[ iolo Applications Events ]
Error - 6/13/2012 1:52:49 PM | Computer Name = Chris-PC | Source = System Shield | ID = 11
Description =

Error - 8/9/2012 7:46:17 PM | Computer Name = Chris-PC | Source = System Shield | ID = 12
Description =

Error - 8/9/2012 7:52:31 PM | Computer Name = Chris-PC | Source = System Shield | ID = 12
Description =

Error - 8/9/2012 8:00:25 PM | Computer Name = Chris-PC | Source = System Shield | ID = 12
Description =

[ System Events ]
Error - 7/21/2012 3:41:16 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description = The Application Virtualization Client service depends on the Sftfs
service which failed to start because of the following error: %%31

Error - 7/21/2012 3:41:22 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068

Error - 7/21/2012 3:41:35 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FileDisk

Error - 7/21/2012 3:52:49 PM | Computer Name = Chris-PC | Source = bowser | ID = 8003
Description =

Error - 7/21/2012 10:30:47 PM | Computer Name = Chris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:25:21 PM on ?7/?21/?2012 was unexpected.

Error - 7/21/2012 10:31:35 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Anti-Spam Service service depends the following service:
MfeFire. This service might not be installed.

Error - 7/21/2012 10:31:37 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Sftfs service failed to start due to the following error: %%31

Error - 7/21/2012 10:31:37 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description = The Application Virtualization Client service depends on the Sftfs
service which failed to start because of the following error: %%31

Error - 7/21/2012 10:31:43 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068

Error - 7/21/2012 10:31:59 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
FileDisk


< End of report >






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 09:09:12
-----------------------------
09:09:12.051 OS Version: Windows x64 6.1.7601 Service Pack 1
09:09:12.051 Number of processors: 2 586 0x603
09:09:12.052 ComputerName: CHRIS-PC UserName: Chris
09:09:17.128 Initialize success
09:11:01.889 AVAST engine defs: 12081000
09:13:17.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:13:17.257 Disk 0 Vendor: WDC_WD5000AAKX-753CA1 19.01H19 Size: 476940MB BusType: 11
09:13:17.261 Device \Driver\atapi -> MajorFunction fffffa8004adf5e8
09:13:17.264 Disk 0 MBR read successfully
09:13:17.266 Disk 0 MBR scan
09:13:17.274 Disk 0 Windows VISTA default MBR code
09:13:17.276 Disk 0 MBR hidden
09:13:17.280 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
09:13:17.298 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
09:13:17.328 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461733 MB offset 31141888
09:13:17.445 Disk 0 scanning C:\Windows\system32\drivers
09:13:28.261 Service scanning
09:13:57.144 Modules scanning
09:13:57.489 Disk 0 trace - called modules:
09:13:57.495 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004adf5e8]<<
09:13:57.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004677060]
09:13:57.504 3 CLASSPNP.SYS[fffff88001e5143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045e3060]
09:13:57.510 \Driver\atapi[0xfffffa8004a46b70] -> IRP_MJ_CREATE -> 0xfffffa8004adf5e8
09:13:59.909 AVAST engine scan C:\Windows
09:14:05.785 AVAST engine scan C:\Windows\system32
09:20:30.843 AVAST engine scan C:\Windows\system32\drivers
09:20:57.980 AVAST engine scan C:\Users\Chris
09:21:29.884 File: C:\Users\Chris\AppData\Local\Darksiders\Apps\mibhoh.dll **INFECTED** Win32:Malware-gen
09:35:17.570 AVAST engine scan C:\ProgramData
09:45:13.768 Scan finished successfully
09:50:21.444 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
09:50:21.451 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
  • 0
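The aswMBR log in the post above can be triaged mechanically. The following Python sketch is an added example, not part of the original thread and not part of aswMBR; its function names are hypothetical and its sample input is a subset of the lines posted above. It collects the lines the tool itself marks (`**INFECTED**`, `MBR hidden`, `>>UNKNOWN<<`) and checks whether any driver dispatch pointer in the log targets an address that the disk trace labels UNKNOWN.

```python
import re

# Subset of the aswMBR log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Run date: 2012-08-10 09:09:12
-----------------------------
09:13:17.261 Device \Driver\atapi -> MajorFunction fffffa8004adf5e8
09:13:17.264 Disk 0 MBR read successfully
09:13:17.274 Disk 0 Windows VISTA default MBR code
09:13:17.276 Disk 0 MBR hidden
09:13:57.489 Disk 0 trace - called modules:
09:13:57.495 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004adf5e8]<<
09:13:57.510 \Driver\atapi[0xfffffa8004a46b70] -> IRP_MJ_CREATE -> 0xfffffa8004adf5e8
09:21:29.884 File: C:\Users\Chris\AppData\Local\Darksiders\Apps\mibhoh.dll **INFECTED** Win32:Malware-gen
09:45:13.768 Scan finished successfully
"""

# Every log entry starts with an HH:MM:SS.mmm timestamp; header lines do not.
TS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
INFECTED = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")
MBR_HIDDEN = re.compile(r"^Disk (\d+) MBR hidden$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
MAJOR_FN = re.compile(r"^Device (\\Driver\\\S+) -> MajorFunction ([0-9a-fA-F]+)$")
IRP_PTR = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def parse_aswmbr(text):
    """Extract the entries a reviewer reads first from an aswMBR log."""
    report = {
        "detections": [],        # (file path, signature name)
        "hidden_mbr_disks": [],  # disk numbers reported as "MBR hidden"
        "unknown_addrs": set(),  # addresses the disk trace labels UNKNOWN
        "driver_pointers": [],   # (driver, field, target address)
        "finished": False,       # True once the scan reports completion
    }
    for raw in text.splitlines():
        entry = TS_LINE.match(raw.strip())
        if not entry:
            continue  # header, separator or blank line
        msg = entry.group(1).strip()

        m = INFECTED.match(msg)
        if m:
            report["detections"].append((m.group(1), m.group(2)))
            continue
        m = MBR_HIDDEN.match(msg)
        if m:
            report["hidden_mbr_disks"].append(int(m.group(1)))
            continue
        m = MAJOR_FN.match(msg)
        if m:
            report["driver_pointers"].append(
                (m.group(1), "MajorFunction", int(m.group(2), 16)))
            continue
        m = IRP_PTR.match(msg)
        if m:
            report["driver_pointers"].append(
                (m.group(1), m.group(2), int(m.group(3), 16)))
            continue
        for addr in UNKNOWN.findall(msg):
            report["unknown_addrs"].add(int(addr, 16))
        if msg == "Scan finished successfully":
            report["finished"] = True
    return report


def unattributed_pointers(report):
    """Driver pointers whose target is an address the trace labels UNKNOWN."""
    return [p for p in report["driver_pointers"] if p[2] in report["unknown_addrs"]]


def summarize(report):
    """Render the findings as short review lines."""
    out = []
    if not report["finished"]:
        out.append("scan did not finish; results are incomplete")
    for path, sig in report["detections"]:
        out.append(f"detection: {sig} in {path}")
    for disk in report["hidden_mbr_disks"]:
        out.append(f"disk {disk}: MBR reported hidden")
    for driver, field, addr in unattributed_pointers(report):
        out.append(f"{driver} {field} -> {addr:#x} (UNKNOWN in disk trace)")
    return out


if __name__ == "__main__":
    for finding in summarize(parse_aswmbr(SAMPLE_LOG)):
        print(finding)
```

Run over the lines posted above, both `\Driver\atapi` pointers resolve to `0xfffffa8004adf5e8`, the same address the disk trace labels UNKNOWN.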

#5
CompCav

What antivirus do you have installed?

#6
wyrdaar

Currently, I have: Malwarebytes Antimalware, System Mechanics, and Kaspersky. Kaspersky, however, will not start up anymore and it won't uninstall.

#7
CompCav

Step 1.

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster... The computer has installed gaming tools. Some of these, like PunkBuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be to download the Removal Tool for PunkBuster to the desktop.

Right-click on pbsvc.exe and select Run as Administrator >> follow the prompts.

You may reinstall Punkbuster when I give the all clear if you so wish.

Also uninstall:

Wajam


Step 2.

Please do not use iolo's System Mechanic Professional registry cleaner.

A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

Technet blog also discusses this issue as well as Ed Bott.


Step 3.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL




  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.

    :OTL
    PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-4102987237-965059444-1089211783-1001..\Run: [Apps] C:\Users\Chris\AppData\Local\Darksiders\Apps\mibhoh.dll (SEIKO EPSON CORPORATION)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    [2012/08/02 01:02:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    [2012/08/02 01:01:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Wajam
    [2009/07/13 18:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\WINDOWS\svchost.exe
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

After the run you may have problems with the internet or with accessing something. Simply reboot the computer.


Step 5.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 6.

Please post:

OTL fix log
ComboFix.txt
TDSSKiller log


Also update me on your computer issues.
  • 0
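
Added example, not part of the original posts and not code from OTL or ComboFix: a Python check over OTL-style file entries that flags any file named svchost.exe that sits outside System32 or SysWOW64, which is what the two svchost.exe entries in the fix script above have in common. The regular expression, the function names and the constructed System32 line are assumptions for illustration, and %SystemRoot% is assumed to be C:\Windows as in the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Directories under %SystemRoot% where Windows itself places svchost.exe
# (SysWOW64 holds the 32-bit copy on 64-bit Windows).
EXPECTED_PARENTS = {"system32", "syswow64"}

# Spellings of %SystemRoot% seen in the log. Assumption: Windows is
# installed in C:\Windows, as in the logs in this thread.
SYSTEMROOT_ALIASES = (r"\\.\globalroot\systemroot", r"%systemroot%", r"c:\windows")

# OTL file entry: [date time | size | attrs | M] (Company) [MD5=...] -- path
ENTRY_RE = re.compile(
    r"\[[^|\]]+\|\s*[\d,]+\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})\s*)?"
    r"--\s*(?P<path>.+)$"
)


class Finding(NamedTuple):
    path: str
    company: str
    md5: Optional[str]
    reasons: List[str]

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def relative_to_systemroot(path: str) -> Optional[str]:
    """Return the part of the path below %SystemRoot%, or None if elsewhere."""
    p = path.strip().lower().replace("/", "\\")
    for root in SYSTEMROOT_ALIASES:
        if p.startswith(root + "\\"):
            return p[len(root) + 1:]
    return None


def check_svchost(line: str) -> Optional[Finding]:
    """Parse one OTL line; return a Finding only for files named svchost.exe."""
    m = ENTRY_RE.search(line)
    if m is None:
        return None  # not a file entry with a company field
    path = m.group("path").strip()
    if path.replace("/", "\\").rsplit("\\", 1)[-1].lower() != "svchost.exe":
        return None
    company = m.group("company").strip()
    reasons = []
    rel = relative_to_systemroot(path)
    if rel is None:
        reasons.append("outside %SystemRoot%")
    else:
        parent = rel.rsplit("\\", 1)[0] if "\\" in rel else ""
        if parent not in EXPECTED_PARENTS:
            reasons.append("not in System32 or SysWOW64")
    # Heuristic: a process image addressed by device path, not drive letter.
    if path.lower().startswith(r"\\.\globalroot"):
        reasons.append("addressed through a globalroot device path")
    if not company:
        reasons.append("no company name in version info")
    return Finding(path, company, m.group("md5"), reasons)


def scan(lines: List[str]) -> List[Finding]:
    """Return a Finding for every svchost.exe entry in the given lines."""
    return [f for f in map(check_svchost, lines) if f is not None]


SAMPLE = [
    # The first two entries are quoted from the fix script in this thread.
    r"PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe",
    r"[2009/07/13 18:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\WINDOWS\svchost.exe",
    # Constructed entry for comparison: svchost.exe in its normal location.
    r"PRC - [2009/07/13 18:31:13 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe",
    # Quoted from the fix script: a directory entry, not a svchost.exe file.
    r"[2012/08/02 01:01:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Wajam",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        status = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{status:10} {f.path}  {'; '.join(f.reasons)}")
```

The C:\WINDOWS\svchost.exe entry is flagged on location alone even though its version info names Microsoft Corporation; that string is file metadata and does not prove where the file came from.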

#8
wyrdaar

    Member

  • Topic Starter
  • 19 posts
ComboFix 12-08-09.01 - Chris 08/10/2012 23:16:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2128 [GMT -7:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\windows\RPSETUP.EXE.LOG
c:\windows\svchost.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 06:29 . 2012-08-11 06:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 06:14 . 2012-08-11 06:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAA366EC-5500-4486-A71F-3EB44227EF82}\offreg.dll
2012-08-11 05:52 . 2012-08-11 05:52 -------- d-----w- C:\_OTL
2012-08-10 07:53 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAA366EC-5500-4486-A71F-3EB44227EF82}\mpengine.dll
2012-08-09 23:50 . 2012-08-02 18:21 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2012-08-09 23:49 . 2012-08-09 23:49 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2012-08-09 07:53 . 2012-07-25 19:32 4622336 ----a-w- c:\windows\SysWow64\GameMon.des
2012-08-09 07:52 . 2005-01-04 18:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-08-09 07:52 . 2003-07-21 03:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-08-09 07:26 . 2012-08-09 07:26 -------- d-----w- C:\Perfect World Entertainment
2012-08-06 17:55 . 2012-08-06 17:58 -------- d-----w- c:\users\Chris\AppData\Roaming\.techniclauncher
2012-08-06 07:30 . 2012-08-06 07:55 -------- d-----w- c:\users\Chris\AppData\Local\Darksiders
2012-08-06 06:17 . 2012-08-06 06:17 -------- dc-h--w- c:\programdata\{DC340143-5F40-4A6C-AB08-50522EA5E797}
2012-08-06 06:01 . 2012-08-06 06:01 -------- d-----w- c:\program files (x86)\THQ
2012-08-02 22:11 . 2012-08-02 22:11 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-02 08:02 . 2012-08-02 08:02 -------- d-----w- c:\users\Chris\AppData\Local\AVG Secure Search
2012-08-02 08:02 . 2012-08-02 08:02 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-02 08:02 . 2012-08-02 08:02 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-02 08:02 . 2012-08-02 08:02 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-02 08:02 . 2012-08-02 08:02 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-02 08:01 . 2012-08-02 08:01 -------- d--h--w- c:\programdata\Common Files
2012-07-31 02:33 . 2012-07-31 02:33 -------- d-----w- c:\program files (x86)\Application Updater
2012-07-31 02:32 . 2012-07-31 02:33 -------- d-----w- c:\program files (x86)\YTD Toolbar
2012-07-31 02:32 . 2012-07-31 02:32 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-07-28 06:28 . 2012-07-28 06:28 -------- d-----w- c:\users\Chris\AppData\Local\The Lord of the Rings Online
2012-07-28 06:06 . 2012-07-28 06:11 -------- d-----w- c:\users\Chris\AppData\Local\Turbine
2012-07-28 06:02 . 2012-07-28 17:23 -------- d-----w- c:\users\Chris\AppData\Local\ApplicationHistory
2012-07-28 05:33 . 2012-07-28 05:33 -------- d-----w- c:\program files (x86)\Turbine
2012-07-28 02:34 . 2012-07-28 02:34 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
2012-07-24 00:23 . 2012-07-24 00:23 -------- d-----w- c:\users\Chris\AppData\Local\GameStop
2012-07-23 02:17 . 2012-05-25 19:58 1496416 ----a-r- c:\windows\system32\drivers\ampse.sys
2012-07-23 02:17 . 2012-07-23 02:17 -------- d-----w- c:\programdata\Authentium
2012-07-23 02:17 . 2012-07-23 02:17 -------- d-----w- c:\program files\Common Files\Authentium
2012-07-23 02:17 . 2012-07-23 02:17 -------- d-----w- c:\program files (x86)\Common Files\Authentium
2012-07-23 02:17 . 2012-04-17 15:25 160256 ----a-w- c:\windows\system32\iavlsp64.dll
2012-07-23 02:17 . 2012-04-17 15:25 118784 ----a-w- c:\windows\SysWow64\iavlsp.dll
2012-07-23 02:17 . 2012-08-02 18:27 2154576 ----a-w- c:\windows\system32\Incinerator64.dll
2012-07-23 02:17 . 2012-08-02 18:27 2096360 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-07-23 02:16 . 2012-08-02 19:45 56472 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-07-23 02:16 . 2012-08-02 19:45 25072 ----a-w- c:\windows\system32\smrgdf.exe
2012-07-23 02:16 . 2012-04-17 15:25 69000 ----a-w- c:\windows\system32\offreg.dll
2012-07-23 02:16 . 2012-04-17 15:25 56200 ----a-w- c:\windows\SysWow64\offreg.dll
2012-07-23 02:16 . 2012-07-23 02:16 -------- d-----w- c:\program files (x86)\iolo
2012-07-23 02:07 . 2012-08-10 00:22 -------- d-----w- c:\programdata\iolo
2012-07-23 02:07 . 2012-08-09 20:43 -------- d-----w- c:\users\Chris\AppData\Roaming\iolo
2012-07-23 01:46 . 2012-04-17 18:02 89419176 ----a-w- c:\program files (x86)\Mozilla Firefox\SystemMechanicPro.exe
2012-07-17 14:47 . 2012-07-17 14:47 -------- d-----w- c:\users\Chris\AppData\Local\MicrosoftStore
2012-07-13 04:42 . 2012-07-13 04:42 -------- d-----w- c:\programdata\Media Center Programs
2012-07-13 04:42 . 2012-08-10 05:13 -------- d-----w- c:\program files (x86)\Guild Wars
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:11 . 2012-05-06 01:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 22:11 . 2011-11-08 06:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 22:33 . 2012-03-22 04:31 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2012-03-07 19:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:08 . 2012-07-11 22:40 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 13:59 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 13:59 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 13:59 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 13:59 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 13:59 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 13:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 13:59 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-05 06:21 . 2012-06-05 06:21 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-05 06:21 . 2012-06-05 06:21 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-06-05 06:21 . 2012-06-05 06:21 2793768 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-06-02 22:19 . 2012-06-19 01:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 02:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 02:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 02:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 01:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 01:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 02:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 01:59 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 01:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 22:32 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 22:32 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 22:32 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 22:32 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 22:32 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 22:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 22:32 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 22:32 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 22:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 22:32 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 22:32 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 22:32 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 22:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 22:32 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 22:32 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 13:59 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 13:59 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 13:59 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 13:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 13:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 13:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 13:59 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 13:59 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 13:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 19:58 . 2012-05-25 19:58 173408 ----a-r- c:\windows\system32\drivers\amp.sys
2012-05-19 20:38 . 2012-05-19 20:38 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-05-19 20:38 . 2011-11-08 08:20 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-05-19 20:38 . 2012-05-19 20:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-05-19 20:38 . 2012-05-19 20:38 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-05-19 20:38 . 2012-05-19 20:37 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-05-19 20:38 . 2012-05-19 20:37 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-05-19 20:38 . 2012-05-19 20:38 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-05-19 20:38 . 2012-05-19 20:38 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-05-19 20:38 . 2012-05-19 20:38 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-05-19 20:37 . 2012-05-19 20:37 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-05-19 20:37 . 2011-11-08 08:20 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-05-19 20:37 . 2012-05-19 20:37 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-05-19 20:37 . 2012-05-19 20:37 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-05-19 20:37 . 2012-05-19 20:37 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-05-19 20:37 . 2012-05-19 20:37 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-05-19 20:37 . 2012-05-19 20:37 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-05-19 20:37 . 2012-05-19 20:37 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-05-19 20:37 . 2012-05-19 20:37 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-05-19 20:37 . 2012-05-19 20:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-05-19 20:37 . 2012-05-19 20:37 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-05-19 20:37 . 2012-05-19 20:37 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-05-19 20:37 . 2012-05-19 20:37 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-05-19 20:37 . 2012-05-19 20:37 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-05-19 20:37 . 2012-05-19 20:36 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-05-19 20:37 . 2012-05-19 20:37 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-05-19 20:37 . 2012-05-19 20:37 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-05-19 20:37 . 2011-11-08 08:20 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-05-19 20:36 . 2012-05-19 20:36 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-05-19 20:36 . 2012-05-19 20:36 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-05-19 20:36 . 2012-05-19 20:36 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-05-19 20:36 . 2012-05-19 20:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-05-19 20:36 . 2012-05-19 20:36 332800 ----a-w- c:\windows\system32\ATIODE.exe
2012-05-19 20:36 . 2012-05-19 20:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-05-19 20:36 . 2012-05-19 20:36 64000 ----a-w- c:\windows\system32\coinst.dll
2012-05-19 20:36 . 2012-05-19 20:36 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2012-05-19 20:36 . 2012-05-19 20:36 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-05-19 20:36 . 2012-05-19 20:36 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-05-19 20:36 . 2012-05-19 20:36 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-05-19 20:36 . 2012-05-19 20:36 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-05-19 20:36 . 2012-05-19 20:36 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-05-19 20:36 . 2012-05-19 20:36 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-05-19 20:36 . 2012-05-19 20:36 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-05-19 20:36 . 2012-05-19 20:36 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-05-19 20:36 . 2012-05-19 20:36 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-05-19 20:36 . 2012-05-19 20:36 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-05-19 20:36 . 2012-05-19 20:36 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Akamai NetSession Interface"="c:\users\Chris\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-27 1095560]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-02 1147488]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-2-24 0]
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-5-14 2039536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1255736]
R3 X6va006;X6va006;c:\users\Chris\AppData\Local\Temp\006ADD3.tmp [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-02 31080]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-19 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2012-05-25 173408]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2012-05-25 1496416]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-27 794560]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-22 743992]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-08-02 1027792]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-05-25 121184]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-05-25 119136]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-05-25 180576]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-02 830048]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-05-19 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-05-19 343040]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 22:11]
.
2012-08-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
LSP: c:\windows\system32\iavlsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1txrb901.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USCON/1
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AMP
SafeBoot-AMPSE
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Chris\AppData\Local\Temp\006ADD3.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:bd,5a,00,1c,c8,76,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 23:56:28
ComboFix-quarantined-files.txt 2012-08-11 06:56
.
Pre-Run: 195,241,660,416 bytes free
Post-Run: 195,092,353,024 bytes free
.
- - End Of File - - 7C351B2483224C60B2600F14B76E7084


This was the only log that saved for some reason, but the virus appears to be gone. I can no longer find it in my processes and my computer is back to full speed.

#9
CompCav


    Member 5k

  • Expert
  • 12,448 posts
You can find the OTL log here:

The log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


You can find the TDSSKiller log here:

A report will be created in your root directory (usually the C:\ folder), in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.



Please post these two logs.

#10
wyrdaar


    Member

  • Topic Starter
  • Member
  • 19 posts
23:58:16.0944 4468 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:58:17.0384 4468 ============================================================
23:58:17.0384 4468 Current date / time: 2012/08/10 23:58:17.0384
23:58:17.0384 4468 SystemInfo:
23:58:17.0384 4468
23:58:17.0384 4468 OS Version: 6.1.7601 ServicePack: 1.0
23:58:17.0384 4468 Product type: Workstation
23:58:17.0384 4468 ComputerName: CHRIS-PC
23:58:17.0384 4468 UserName: Chris
23:58:17.0384 4468 Windows directory: C:\Windows
23:58:17.0384 4468 System windows directory: C:\Windows
23:58:17.0384 4468 Running under WOW64
23:58:17.0384 4468 Processor architecture: Intel x64
23:58:17.0384 4468 Number of processors: 2
23:58:17.0384 4468 Page size: 0x1000
23:58:17.0384 4468 Boot type: Normal boot
23:58:17.0384 4468 ============================================================
23:58:18.0397 4468 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:58:18.0417 4468 ============================================================
23:58:18.0417 4468 \Device\Harddisk0\DR0:
23:58:18.0417 4468 MBR partitions:
23:58:18.0417 4468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
23:58:18.0417 4468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x385D2800
23:58:18.0417 4468 ============================================================
23:58:18.0427 4468 C: <-> \Device\Harddisk0\DR0\Partition1
23:58:18.0427 4468 ============================================================
23:58:18.0427 4468 Initialize success
23:58:18.0427 4468 ============================================================
23:58:42.0734 5040 ============================================================
23:58:42.0734 5040 Scan started
23:58:42.0734 5040 Mode: Manual; SigCheck; TDLFS;
23:58:42.0734 5040 ============================================================
23:58:43.0635 5040 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:58:43.0745 5040 1394ohci - ok
23:58:43.0855 5040 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:58:43.0885 5040 ACPI - ok
23:58:43.0885 5040 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:58:43.0915 5040 AcpiPmi - ok
23:58:43.0995 5040 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:58:44.0025 5040 AdobeARMservice - ok
23:58:44.0165 5040 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:58:44.0176 5040 AdobeFlashPlayerUpdateSvc - ok
23:58:44.0216 5040 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:58:44.0236 5040 adp94xx - ok
23:58:44.0256 5040 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:58:44.0266 5040 adpahci - ok
23:58:44.0286 5040 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:58:44.0296 5040 adpu320 - ok
23:58:44.0316 5040 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:58:44.0356 5040 AeLookupSvc - ok
23:58:44.0416 5040 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:58:44.0426 5040 AFD - ok
23:58:44.0436 5040 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:58:44.0446 5040 agp440 - ok
23:58:44.0776 5040 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
23:58:44.0776 5040 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
23:58:44.0786 5040 Akamai ( HiddenFile.Multi.Generic ) - warning
23:58:44.0786 5040 Akamai - detected HiddenFile.Multi.Generic (1)
23:58:44.0906 5040 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:58:44.0956 5040 ALG - ok
23:58:45.0006 5040 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:58:45.0016 5040 aliide - ok
23:58:45.0056 5040 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
23:58:45.0086 5040 AMD External Events Utility - ok
23:58:45.0136 5040 AMD FUEL Service - ok
23:58:45.0166 5040 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:58:45.0197 5040 amdide - ok
23:58:45.0227 5040 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
23:58:45.0257 5040 amdiox64 - ok
23:58:45.0267 5040 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:58:45.0277 5040 AmdK8 - ok
23:58:45.0926 5040 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
23:58:46.0131 5040 amdkmdag - ok
23:58:46.0272 5040 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
23:58:46.0312 5040 amdkmdap - ok
23:58:46.0332 5040 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:58:46.0352 5040 AmdPPM - ok
23:58:46.0372 5040 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:58:46.0382 5040 amdsata - ok
23:58:46.0402 5040 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:58:46.0412 5040 amdsbs - ok
23:58:46.0442 5040 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:58:46.0452 5040 amdxata - ok
23:58:46.0512 5040 AMP (7ff52fd7cb32fbeba5960e8f9621d734) C:\Windows\system32\Drivers\amp.sys
23:58:46.0542 5040 AMP - ok
23:58:46.0642 5040 AMPSE (6221e6de43bbbd96c122f0edd0139809) C:\Windows\system32\Drivers\ampse.sys
23:58:46.0672 5040 AMPSE - ok
23:58:46.0752 5040 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
23:58:46.0782 5040 AODDriver4.1 - ok
23:58:46.0932 5040 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:58:47.0012 5040 AppID - ok
23:58:47.0042 5040 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:58:47.0092 5040 AppIDSvc - ok
23:58:47.0122 5040 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:58:47.0152 5040 Appinfo - ok
23:58:47.0222 5040 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:58:47.0262 5040 Apple Mobile Device - ok
23:58:47.0382 5040 Application Updater (0805ecf10476a091999e4d59d0db71a2) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
23:58:47.0412 5040 Application Updater - ok
23:58:47.0452 5040 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:58:47.0462 5040 arc - ok
23:58:47.0472 5040 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:58:47.0482 5040 arcsas - ok
23:58:47.0492 5040 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:58:47.0522 5040 AsyncMac - ok
23:58:47.0542 5040 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:58:47.0542 5040 atapi - ok
23:58:47.0572 5040 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
23:58:47.0582 5040 AtiHdmiService - ok
23:58:48.0196 5040 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
23:58:48.0305 5040 atikmdag - ok
23:58:48.0430 5040 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\drivers\AtiPcie.sys
23:58:48.0445 5040 AtiPcie - ok
23:58:48.0492 5040 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
23:58:48.0523 5040 atksgt - ok
23:58:48.0586 5040 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:58:48.0617 5040 AudioEndpointBuilder - ok
23:58:48.0617 5040 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:58:48.0664 5040 AudioSrv - ok
23:58:48.0711 5040 avgtp (e1b8ec60c85a266cb604cd46921606b4) C:\Windows\system32\drivers\avgtpx64.sys
23:58:48.0742 5040 avgtp - ok
23:58:48.0757 5040 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:58:48.0789 5040 AxInstSV - ok
23:58:48.0867 5040 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:58:48.0898 5040 b06bdrv - ok
23:58:48.0929 5040 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:58:48.0960 5040 b57nd60a - ok
23:58:48.0991 5040 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:58:49.0023 5040 BDESVC - ok
23:58:49.0038 5040 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:58:49.0101 5040 Beep - ok
23:58:49.0179 5040 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:58:49.0257 5040 BFE - ok
23:58:49.0366 5040 BingDesktopUpdate (1b63f2b7ca6b5290cc124cdd07520bc9) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
23:58:49.0366 5040 BingDesktopUpdate - ok
23:58:49.0428 5040 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:58:49.0475 5040 BITS - ok
23:58:49.0522 5040 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:58:49.0553 5040 blbdrive - ok
23:58:49.0631 5040 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:58:49.0647 5040 Bonjour Service - ok
23:58:49.0693 5040 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:58:49.0740 5040 bowser - ok
23:58:49.0756 5040 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:58:49.0771 5040 BrFiltLo - ok
23:58:49.0771 5040 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:58:49.0787 5040 BrFiltUp - ok
23:58:49.0818 5040 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:58:49.0834 5040 BridgeMP - ok
23:58:49.0865 5040 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:58:49.0896 5040 Browser - ok
23:58:49.0912 5040 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:58:49.0974 5040 Brserid - ok
23:58:49.0974 5040 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:58:50.0005 5040 BrSerWdm - ok
23:58:50.0005 5040 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:58:50.0021 5040 BrUsbMdm - ok
23:58:50.0037 5040 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:58:50.0037 5040 BrUsbSer - ok
23:58:50.0052 5040 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:58:50.0068 5040 BTHMODEM - ok
23:58:50.0083 5040 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:58:50.0146 5040 bthserv - ok
23:58:50.0187 5040 catchme - ok
23:58:50.0197 5040 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:58:50.0227 5040 cdfs - ok
23:58:50.0247 5040 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:58:50.0297 5040 cdrom - ok
23:58:50.0317 5040 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:58:50.0337 5040 CertPropSvc - ok
23:58:50.0347 5040 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:58:50.0357 5040 circlass - ok
23:58:50.0387 5040 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:58:50.0407 5040 CLFS - ok
23:58:50.0477 5040 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:58:50.0487 5040 clr_optimization_v2.0.50727_32 - ok
23:58:50.0527 5040 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:58:50.0537 5040 clr_optimization_v2.0.50727_64 - ok
23:58:50.0587 5040 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:58:50.0627 5040 clr_optimization_v4.0.30319_32 - ok
23:58:50.0657 5040 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:58:50.0667 5040 clr_optimization_v4.0.30319_64 - ok
23:58:50.0697 5040 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:58:50.0717 5040 CmBatt - ok
23:58:50.0717 5040 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:58:50.0727 5040 cmdide - ok
23:58:50.0787 5040 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:58:50.0837 5040 CNG - ok
23:58:50.0837 5040 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:58:50.0847 5040 Compbatt - ok
23:58:50.0867 5040 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:58:50.0897 5040 CompositeBus - ok
23:58:50.0897 5040 COMSysApp - ok
23:58:50.0897 5040 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:58:50.0907 5040 crcdisk - ok
23:58:50.0967 5040 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:58:50.0987 5040 CryptSvc - ok
23:58:51.0117 5040 CSObjectsSrv (6e5b42219f1fe4a3d087d9d501e343d5) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
23:58:51.0127 5040 CSObjectsSrv - ok
23:58:51.0277 5040 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:58:51.0307 5040 cvhsvc - ok
23:58:51.0427 5040 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:58:51.0457 5040 DcomLaunch - ok
23:58:51.0497 5040 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:58:51.0547 5040 defragsvc - ok
23:58:51.0597 5040 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:58:51.0657 5040 DfsC - ok
23:58:51.0697 5040 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:58:51.0777 5040 Dhcp - ok
23:58:51.0787 5040 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:58:51.0837 5040 discache - ok
23:58:51.0867 5040 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:58:51.0877 5040 Disk - ok
23:58:51.0897 5040 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:58:51.0927 5040 Dnscache - ok
23:58:51.0957 5040 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:58:52.0047 5040 dot3svc - ok
23:58:52.0077 5040 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:58:52.0117 5040 DPS - ok
23:58:52.0127 5040 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:58:52.0167 5040 drmkaud - ok
23:58:52.0257 5040 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:58:52.0287 5040 DXGKrnl - ok
23:58:52.0287 5040 EagleX64 - ok
23:58:52.0307 5040 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:58:52.0357 5040 EapHost - ok
23:58:52.0547 5040 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:58:52.0627 5040 ebdrv - ok
23:58:52.0747 5040 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:58:52.0807 5040 EFS - ok
23:58:52.0897 5040 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:58:52.0937 5040 ehRecvr - ok
23:58:52.0957 5040 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:58:52.0977 5040 ehSched - ok
23:58:53.0017 5040 ElRawDisk (f21a07780bbd64adef872f50e8ce2e75) C:\Windows\system32\drivers\ElRawDsk.sys
23:58:53.0027 5040 ElRawDisk - ok
23:58:53.0087 5040 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:58:53.0117 5040 elxstor - ok
23:58:53.0117 5040 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:58:53.0137 5040 ErrDev - ok
23:58:53.0207 5040 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:58:53.0257 5040 EventSystem - ok
23:58:53.0277 5040 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:58:53.0317 5040 exfat - ok
23:58:53.0337 5040 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:58:53.0387 5040 fastfat - ok
23:58:53.0447 5040 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:58:53.0487 5040 Fax - ok
23:58:53.0507 5040 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:58:53.0527 5040 fdc - ok
23:58:53.0557 5040 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:58:53.0577 5040 fdPHost - ok
23:58:53.0597 5040 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:58:53.0637 5040 FDResPub - ok
23:58:53.0647 5040 FileDisk - ok
23:58:53.0677 5040 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:58:53.0717 5040 FileInfo - ok
23:58:53.0727 5040 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:58:53.0757 5040 Filetrace - ok
23:58:53.0757 5040 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:58:53.0767 5040 flpydisk - ok
23:58:53.0797 5040 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:58:53.0837 5040 FltMgr - ok
23:58:54.0127 5040 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:58:54.0167 5040 FontCache - ok
23:58:54.0248 5040 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:58:54.0278 5040 FontCache3.0.0.0 - ok
23:58:54.0308 5040 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:58:54.0318 5040 FsDepends - ok
23:58:54.0348 5040 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:58:54.0378 5040 Fs_Rec - ok
23:58:54.0398 5040 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:58:54.0418 5040 fvevol - ok
23:58:54.0438 5040 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:58:54.0448 5040 gagp30kx - ok
23:58:54.0568 5040 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:58:54.0578 5040 GamesAppService - ok
23:58:54.0638 5040 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:58:54.0668 5040 GEARAspiWDM - ok
23:58:54.0738 5040 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
23:58:54.0768 5040 GoToAssist - ok
23:58:54.0848 5040 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:58:54.0888 5040 gpsvc - ok
23:58:54.0918 5040 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:58:54.0938 5040 hcw85cir - ok
23:58:54.0968 5040 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:58:54.0998 5040 HDAudBus - ok
23:58:55.0008 5040 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:58:55.0038 5040 HidBatt - ok
23:58:55.0048 5040 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:58:55.0068 5040 HidBth - ok
23:58:55.0068 5040 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:58:55.0088 5040 HidIr - ok
23:58:55.0108 5040 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:58:55.0158 5040 hidserv - ok
23:58:55.0178 5040 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:58:55.0188 5040 HidUsb - ok
23:58:55.0198 5040 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:58:55.0248 5040 hkmsvc - ok
23:58:55.0288 5040 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:58:55.0308 5040 HomeGroupListener - ok
23:58:55.0338 5040 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:58:55.0378 5040 HomeGroupProvider - ok
23:58:55.0398 5040 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:58:55.0408 5040 HpSAMD - ok
23:58:55.0468 5040 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:58:55.0528 5040 HTTP - ok
23:58:55.0548 5040 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:58:55.0558 5040 hwpolicy - ok
23:58:55.0568 5040 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:58:55.0578 5040 i8042prt - ok
23:58:55.0598 5040 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:58:55.0618 5040 iaStorV - ok
23:58:55.0774 5040 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:58:55.0805 5040 idsvc - ok
23:58:55.0805 5040 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:58:55.0820 5040 iirsp - ok
23:58:55.0898 5040 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:58:55.0945 5040 IKEEXT - ok
23:58:56.0101 5040 IntcAzAudAddService (9526f32b8a76f8dc25a1587400e30084) C:\Windows\system32\drivers\RTKVHD64.sys
23:58:56.0148 5040 IntcAzAudAddService - ok
23:58:56.0257 5040 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:58:56.0273 5040 intelide - ok
23:58:56.0273 5040 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
23:58:56.0304 5040 intelppm - ok
23:58:56.0522 5040 ioloSystemService (b5a662956977407c6b9b88a846fef9bd) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
23:58:56.0538 5040 ioloSystemService - ok
23:58:56.0569 5040 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:58:56.0609 5040 IPBusEnum - ok
23:58:56.0619 5040 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:58:56.0659 5040 IpFilterDriver - ok
23:58:56.0709 5040 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:58:56.0759 5040 iphlpsvc - ok
23:58:56.0779 5040 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:58:56.0809 5040 IPMIDRV - ok
23:58:56.0839 5040 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:58:56.0869 5040 IPNAT - ok
23:58:56.0999 5040 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
23:58:57.0029 5040 iPod Service - ok
23:58:57.0039 5040 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:58:57.0049 5040 IRENUM - ok
23:58:57.0069 5040 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:58:57.0079 5040 isapnp - ok
23:58:57.0099 5040 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:58:57.0119 5040 iScsiPrt - ok
23:58:57.0169 5040 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
23:58:57.0189 5040 k57nd60a - ok
23:58:57.0199 5040 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:58:57.0209 5040 kbdclass - ok
23:58:57.0219 5040 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:58:57.0249 5040 kbdhid - ok
23:58:57.0279 5040 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:58:57.0289 5040 KeyIso - ok
23:58:57.0349 5040 KL1 (73bf91efbe1f788d0615a396a9211a4b) C:\Windows\system32\DRIVERS\kl1.sys
23:58:57.0369 5040 KL1 - ok
23:58:57.0369 5040 kl2 (dc3cf56209c6a19124fedef1cbfaf55b) C:\Windows\system32\DRIVERS\kl2.sys
23:58:57.0379 5040 kl2 - ok
23:58:57.0459 5040 KLIF (06f1e403d712083930310eb4ba9032c2) C:\Windows\system32\DRIVERS\klif.sys
23:58:57.0469 5040 KLIF - ok
23:58:57.0479 5040 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
23:58:57.0489 5040 KLIM6 - ok
23:58:57.0499 5040 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
23:58:57.0509 5040 klmouflt - ok
23:58:57.0539 5040 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:58:57.0549 5040 KSecDD - ok
23:58:57.0569 5040 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:58:57.0579 5040 KSecPkg - ok
23:58:57.0599 5040 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:59:19.0265 5040 WwanSvc - ok
23:59:19.0328 5040 X6va006 - ok
23:59:19.0453 5040 X6va009 - ok
23:59:19.0468 5040 xsherlock - ok
23:59:19.0484 5040 xspirit - ok
23:59:19.0499 5040 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:59:19.0546 5040 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:59:19.0546 5040 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:59:19.0624 5040 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:59:19.0624 5040 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:59:19.0640 5040 Boot (0x1200) (d857b42159e53320c227e69786c4884a) \Device\Harddisk0\DR0\Partition0
23:59:19.0640 5040 \Device\Harddisk0\DR0\Partition0 - ok
23:59:19.0671 5040 Boot (0x1200) (8c9a28b321709804a4bb2a58b946a10e) \Device\Harddisk0\DR0\Partition1
23:59:19.0671 5040 \Device\Harddisk0\DR0\Partition1 - ok
23:59:19.0671 5040 ============================================================
23:59:19.0671 5040 Scan finished
23:59:19.0671 5040 ============================================================
23:59:19.0687 2304 Detected object count: 3
23:59:19.0687 2304 Actual detected object count: 3
00:00:05.0842 2304 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:00:05.0842 2304 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
00:00:06.0528 2304 \Device\Harddisk0\DR0\# - copied to quarantine
00:00:06.0528 2304 \Device\Harddisk0\DR0 - copied to quarantine
00:00:06.0575 2304 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:00:06.0575 2304 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:00:06.0590 2304 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
00:00:06.0590 2304 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
00:00:06.0606 2304 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:00:06.0606 2304 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:00:06.0606 2304 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:00:06.0622 2304 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:00:06.0622 2304 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:00:06.0622 2304 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:00:06.0622 2304 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:00:06.0622 2304 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:00:06.0622 2304 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:00:06.0622 2304 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:00:06.0653 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
00:00:06.0653 2304 \Device\Harddisk0\DR0 - ok
00:00:06.0668 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
00:00:06.0668 2304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:00:06.0668 2304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:01:05.0625 5888 Deinitialize success





All processes killed
========== OTL ==========
Process svchost.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
c:\Program Files\mcafee\msk\mskapbho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
File C:\Program Files (x86)\Wajam\IE\priam_bho.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4102987237-965059444-1089211783-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Apps deleted successfully.
C:\Users\Chris\AppData\Local\Darksiders\Apps\mibhoh.dll moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\ not found.
C:\Users\Chris\AppData\Local\Wajam\Chrome folder moved successfully.
C:\Users\Chris\AppData\Local\Wajam folder moved successfully.
C:\WINDOWS\svchost.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Downloads\cmd.bat deleted successfully.
C:\Users\Chris\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 141499519 bytes
->Temporary Internet Files folder emptied: 340314808 bytes
->Java cache emptied: 67232 bytes
->FireFox cache emptied: 160972835 bytes
->Flash cache emptied: 45301 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 41539584 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 673139 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 2998 bytes

Total Files Cleaned = 654.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08102012_225254

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S2B05TX\addons-tracker-v4[1].htm moved successfully.
File\Folder C:\Windows\temp\CHRIS-PC.lck not found!

PendingFileRenameOperations files...
File C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S2B05TX\addons-tracker-v4[1].htm not found!
File C:\Windows\temp\CHRIS-PC.lck not found!

Registry entries deleted on Reboot...

#11
CompCav
  • Member 5k
  • Expert
  • 12,448 posts
Let's run TDSSKiller again using the same instructions we have in Post #7 and Step 5, with one exception: select delete for this one entry:

\Device\Harddisk0\DR0 ( TDSS File System )


Then post the resultant TDSSKiller log.

#12
wyrdaar
  • Topic Starter
  • Member
  • 19 posts
That entry doesn't appear when I do the scan, only something that says:


Hidden File

Service: Akamai

Suspicious object, medium risk

Unless that is the file you are talking about, nothing else appears.

#13
CompCav
  • Member 5k
  • Expert
  • 12,448 posts
Do you recognize any of these files?


c:\windows\vtany.sys
c:\users\Chris\AppData\Local\Temp\006ADD3.tmp
c:\windows\SysWOW64\Drivers\X6va009
c:\windows\system32\xsherlock.xem
c:\windows\xspirit.sys

#14
wyrdaar
  • Topic Starter
  • Member
  • 19 posts
I don't have any of those files; I went through my whole computer.

#15
CompCav
  • Member 5k
  • Expert
  • 12,448 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Rootkit::
c:\windows\vtany.sys
c:\users\Chris\AppData\Local\Temp\006ADD3.tmp
c:\windows\SysWOW64\Drivers\X6va009
c:\windows\system32\xsherlock.xem
c:\windows\xspirit.sys

Registry::
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"=-

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"=-

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"=-


Driver::
vtany
X6va006
X6va009
xsherlock
xspirit



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.