Constant URL:Mal svchost.exe alerts [Solved]



#1
IanF

Hello,

Over the last couple of days, my computer has been behaving oddly. I do not remember installing or downloading anything specifically dubious within the specified timeframe, but my understanding is that my computer is infected with a worm or malware of some sort. Complete scans with AVG, Avast!, CCleaner and Malwarebytes have reported no specific issues, or anyway, none that could be fixed.

Among the effects noticed, my Internet connection is much slower than usual (unusual lag on YouTube, long time to connect to webpages, unexplainable high ping in video games) and anything related to Google will not load in any browser (making it impossible to use the search feature on some websites and using captcha). AVG reports unusual amounts of memory (300 MB - 400 MB) being spent in Firefox every now and then. It has also become a gamble to boot up in safe mode for it'll only work a few times out of many. I could also not run any version of OTL in normal mode since an error message concerning a faulty driver/peripheral kept popping up; I had to run OTL.exe in safe mode.

A detail worth noting, I suppose, is that I have only used Mozilla Firefox as a browser until the problem showed up. Then I started trying to use Chrome and Explorer, to see if anything would be different. Turns out everything's affected.

Avast! keeps reporting blocked connection attempts to URLs and an IP address I have never seen before, by svchost.exe. The last pop-up gave the following information:

URL: http://colexity777.com/x/
Process: C:\Windows\system32\svchost.exe
Infection: URL:Mal

And here is the OTL log (also attached to post for convenience):

OTL logfile created on: 2012-08-11 12:41:47 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ian\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 85,92% Memory free
6,19 Gb Paging File | 5,98 Gb Available in Paging File | 96,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,36 Gb Total Space | 29,79 Gb Free Space | 22,17% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,41 Gb Free Space | 43,77% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-DE-IAN | User Name: Ian | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-09 17:17:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Downloads\OTL.exe
PRC - [2009-04-11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2002-04-17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Modules (No Company Name) ==========

MOD - [2002-04-17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002-04-17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - [2012-07-17 17:00:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-07-03 02:13:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-06-27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-06-25 14:27:54 | 000,696,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kilgray\memoQ60\AUClient.exe -- (Kilgray: memoQ update permissions manager. 9841208.)
SRV - [2012-06-05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-11-02 14:50:06 | 000,696,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kilgray\memoQ40\AUClient.exe -- (Kilgray: memoQ update permissions manager. 979430.)
SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-06-05 16:44:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-09-30 11:31:14 | 004,195,960 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008-12-18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008-12-15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008-12-15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008-05-07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008-01-20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-01-04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ian\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012-07-03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-07-03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-07-03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-07-03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-07-03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-07-03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-05-14 22:35:52 | 000,079,104 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzudd.sys -- (rzudd)
DRV - [2012-04-10 14:51:16 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2011-10-07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011-10-04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-09-13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-08-08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-07-11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-07-11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-07-11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011-07-11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010-06-17 18:18:24 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-04-12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010-01-16 19:01:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009-12-01 16:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009-05-08 21:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009-04-11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-21 02:57:22 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009-01-21 02:57:22 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-12-22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008-12-15 00:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-09-04 01:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008-01-20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007-05-30 21:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0420Vid.sys -- (V0420VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}
IE - HKLM\..\SearchScopes\{4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}
IE - HKCU\..\SearchScopes\{4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}: "URL" = http://search.live.c...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.radio-can...grands-titres/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.11
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected] [2010-08-02 14:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-08-08 10:41:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-08-09 00:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-17 17:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-08 21:14:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-17 17:00:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-08 21:14:12 | 000,000,000 | ---D | M]

[2009-06-20 03:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\mozilla\Extensions
[2009-06-20 03:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\mozilla\Extensions\[email protected]
[2012-08-04 03:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions
[2012-06-10 14:34:37 | 000,000,000 | ---D | M] (Module d'Antidote) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2012-07-18 02:48:45 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2011-10-09 17:22:39 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2012-03-25 17:23:59 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2012-07-15 13:00:48 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected](113).com
[2012-08-07 10:32:48 | 000,001,088 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\mvz0ttcf.default\searchplugins\dictionarycom.xml
[2010-08-05 18:08:43 | 000,001,196 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\mvz0ttcf.default\searchplugins\winamp-search.xml
[2012-05-06 23:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-07 21:22:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-08-08 10:41:47 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012-07-29 21:12:34 | 000,197,500 | ---- | M] () (No name found) -- C:\USERS\IAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVZ0TTCF.DEFAULT\EXTENSIONS\[email protected]
[2008-01-20 22:33:22 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\IAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVZ0TTCF.DEFAULT\EXTENSIONS\[email protected]
[2011-10-21 20:56:54 | 000,143,480 | ---- | M] () (No name found) -- C:\USERS\IAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVZ0TTCF.DEFAULT\EXTENSIONS\[email protected]
[2009-09-02 03:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-07-17 17:00:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-13 19:06:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007-04-16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010-07-12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-06-19 12:47:16 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012-06-19 12:47:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-19 12:47:16 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012-06-19 12:47:16 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012-06-19 12:47:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012-06-19 12:47:16 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CodecC = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2006-09-18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN File not found
O4 - HKLM..\Run: [C:\Windows\system32\V0420Ext.ax] C:\Windows\System32\V0420Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27CE149E-9C35-4DA0-9A42-B1BF15695566}: DhcpNameServer = 132.210.13.2 132.210.10.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64165795-5090-40BB-B377-B60A44F01738}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ian\Dossiers divers\Images\Lulz\Wallpapers\tumblr_lxz8bhC8wU1r5x74wo1_1280.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ian\Dossiers divers\Images\Lulz\Wallpapers\tumblr_lxz8bhC8wU1r5x74wo1_1280.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e1baacd-23bf-11df-9c8b-0023ae24a631}\Shell - "" = AutoRun
O33 - MountPoints2\{7e1baacd-23bf-11df-9c8b-0023ae24a631}\Shell\AutoRun\command - "" = D:\Startup.exe
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\AutoRun\command - "" = D:\rcaeasyrip_setup.exe
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\install\command - "" = D:\rcaeasyrip_setup.exe
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\usermanualEnglish\command - "" = D:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\usermanualFrench\command - "" = D:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\usermanualSpanish\command - "" = D:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-11 11:44:14 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{39311C15-F9E0-48D9-A551-64791F50C40A}
[2012-08-11 11:44:00 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8FABB927-C644-41ED-8866-CABCF0E1AB34}
[2012-08-10 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A93C7367-5392-4014-82C2-2400EC33808A}
[2012-08-10 22:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{281B05F4-8739-46A0-9F03-FAD3AAD4154E}
[2012-08-10 18:23:18 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\Proof of ID
[2012-08-10 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C109840B-A912-40C4-9715-7A7D63CCA7C1}
[2012-08-10 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{25B0B5A2-5E07-421C-8C05-D224413936FC}
[2012-08-09 19:56:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-08-09 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2005 Power Packs
[2012-08-09 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Microsoft Help
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Microsoft Visual Basic 2005 Power Packs
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Basic 2005 Power Packs
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012-08-09 17:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012-08-09 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{969014D8-835E-460F-B80A-F18E3A74B9A1}
[2012-08-09 11:03:01 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C6561128-8339-4786-85A8-3034F82F7614}
[2012-08-09 01:33:28 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-08-09 00:12:00 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\AVG2012
[2012-08-09 00:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012-08-09 00:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-08-09 00:10:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012-08-09 00:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012-08-09 00:01:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-08-09 00:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-08-08 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{310CF479-4B79-478E-8018-C2C6A295A2CA}
[2012-08-08 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{3EC1A408-91C7-45B9-9E6A-6FD272A92E35}
[2012-08-08 17:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012-08-08 17:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012-08-08 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-08-08 10:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{4DAFA293-D81A-43D2-BE5D-CE33C4CE4D79}
[2012-08-08 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{67EBB44F-4180-4717-B76B-1632D9108DB4}
[2012-08-08 10:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8910C032-FEB7-4559-92A7-3EB37D20297E}
[2012-08-08 03:33:01 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{15079CA2-1E74-4489-B5D9-804417B63FF2}
[2012-08-07 15:21:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{6B783FC2-6C22-4D05-ADD4-D8953E49E323}
[2012-08-07 15:21:17 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{B138D50D-B9ED-4595-8D92-C7E62E909F1D}
[2012-08-07 03:21:19 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{DDCA2ED2-9B99-473F-94C2-6E09470FE7AE}
[2012-08-06 10:08:19 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{9CED1E3F-2676-49BC-8821-E7DDD9218C82}
[2012-08-06 10:07:43 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{91A199B3-FC75-41A1-B74B-989BEC5F4FE5}
[2012-08-04 00:29:35 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\asssssssssjhlkl
[2012-08-03 10:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{6AB6915C-EE63-44A3-82E1-188661116BDF}
[2012-08-03 10:08:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{124F82F2-E291-43CE-BCC7-A1B6120CE7D6}
[2012-08-02 10:27:26 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\Stormblade
[2012-08-02 10:07:18 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C004858D-903D-4F32-B973-F99297134552}
[2012-08-02 10:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{3BCD5921-A9FA-4DC0-8C44-5361AC78315D}
[2012-08-02 03:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012-08-02 03:23:06 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012-08-02 03:23:06 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012-08-02 03:23:06 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012-08-02 03:23:06 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012-08-02 03:23:05 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012-08-02 03:23:05 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012-08-02 03:23:05 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012-08-02 03:23:05 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012-08-02 03:23:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\FreeAudioPack
[2012-08-02 03:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012-08-01 23:26:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{7A0644A3-BB6F-4518-839A-F5CC61BAAA53}
[2012-08-01 10:10:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8D1F5F3E-2238-41E7-A52C-3A8F6BB71A37}
[2012-08-01 10:09:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{13A6CEA9-83C0-41E2-8710-2BC077340741}
[2012-07-31 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{B6298023-C2F4-43CD-BCC8-313CAEA296FC}
[2012-07-31 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{88A4A29B-77E4-4D26-9AA6-633958CF6601}
[2012-07-31 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{17DDD854-01E5-4726-ADEB-8AADFC83C53B}
[2012-07-31 10:05:58 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{CD9B98D5-5823-470B-A8EF-8D08621E6690}
[2012-07-30 10:09:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{125BE422-3352-498A-B44B-D2FD6AFED8CC}
[2012-07-30 10:08:16 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A6DFAC41-05B9-4687-A51E-270FAA34C45A}
[2012-07-30 02:58:43 | 000,086,683 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2012-07-30 02:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Audio Extractor Platinum
[2012-07-30 02:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\AoA Audio Extractor Platinum
[2012-07-29 12:07:40 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{346276E0-F986-49E0-94F6-952E0C6FB476}
[2012-07-27 22:10:31 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{DD7A3C1F-B979-4F42-9C66-754A0D441152}
[2012-07-27 22:09:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{AD9938F1-4CCD-4AF0-9907-C3FFA6109942}
[2012-07-27 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{13671CA5-00BC-4F74-AD60-71D27BC904B7}
[2012-07-27 10:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{EFEEF196-F553-408E-8353-DA81CC146AF2}
[2012-07-26 10:08:29 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{1D4F0F82-A6B5-4FCF-B788-433D1ED34450}
[2012-07-26 10:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{69DF9E69-B8F1-47EA-97D2-7A37FB406080}
[2012-07-25 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\FMC
[2012-07-25 10:09:58 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{D85A8D60-2E60-4525-A5F8-F547BC470800}
[2012-07-25 10:09:24 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{E7991644-9EE0-4A15-9DFB-FEA211C69E6F}
[2012-07-24 22:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C8B23C1B-9B7D-4F91-90A3-E6CE0850FBE6}
[2012-07-24 22:08:09 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8ED8823F-E521-4BD6-913B-1FFB59E9190F}
[2012-07-24 10:07:34 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{084B0E04-8C94-47F9-869E-C0E4C7872F82}
[2012-07-24 10:06:25 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A14DBB6D-3266-497D-B46C-A6B0284C7D47}
[2012-07-23 10:07:06 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{374ACB4B-6AAF-40F1-A07E-4B5BBA2B9FCB}
[2012-07-23 10:05:54 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{D41E6B7D-2E62-4848-9090-30E37CEA334D}
[2012-07-20 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{41CB8D95-1612-4212-BB41-30B7F6068EA3}
[2012-07-20 10:45:35 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{D4E9D350-BFEB-424C-BA2B-AA4659B771D8}
[2012-07-19 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A91FDD68-C331-4267-95F3-09BE9C099E92}
[2012-07-19 22:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{681643AD-1472-46F7-8CBB-B7F1F75976CF}
[2012-07-19 10:07:15 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{FCF73A82-8E35-45C6-AEC4-83F3EBC79014}
[2012-07-19 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A3615BA3-5ACC-4752-B4DB-8D52D225C436}
[2012-07-18 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\LogMeIn Hamachi
[2012-07-18 21:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012-07-18 21:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012-07-18 10:06:27 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{CDAD3843-C55D-405D-BD5B-F47152CD2BD7}
[2012-07-18 10:05:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{BEB4B3AD-2A6E-4EE5-95F1-43EE0139ECE4}
[2012-07-17 10:06:49 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{80E43C60-2493-483D-B6BE-2379F7C3307E}
[2012-07-17 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{485A5D72-CA5E-40D5-8953-967A349725CF}
[2012-07-16 13:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\QC FR vs FR FR
[2012-07-16 10:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{0064500B-0976-4755-A087-809C28CBDD5F}
[2012-07-16 10:11:47 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{35D5335E-90D7-4556-A69C-59BA89D44F9A}
[2012-07-13 10:25:26 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C9FB85DB-A5F1-49E3-8C99-293BEC165762}
[2012-07-13 10:24:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{01DD1A9E-2181-4062-8F6F-600BF2C5EE53}
[2006-06-26 01:33:46 | 000,163,840 | ---- | C] (アリスソフト) -- C:\Users\Ian\AppData\Local\Tempals_inst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-11 12:46:56 | 000,007,512 | ---- | M] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat
[2012-08-11 12:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-11 12:39:39 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-11 12:39:39 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-11 12:26:08 | 000,729,886 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012-08-11 12:26:08 | 000,641,070 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-08-11 12:26:08 | 000,149,692 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012-08-11 12:26:08 | 000,122,954 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-08-11 12:22:02 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-11 12:22:02 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012-08-11 11:46:26 | 103,576,853 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-08-11 11:42:44 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-11 03:22:12 | 000,222,720 | ---- | M] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-10 18:30:26 | 001,697,858 | ---- | M] () -- C:\Users\Ian\Desktop\ID Check_Fafard.zip
[2012-08-09 00:10:56 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-08-08 17:26:57 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-08 17:26:57 | 000,001,917 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-08-08 17:23:27 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-08-08 10:42:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-08-08 10:29:09 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-06 15:38:30 | 000,108,299 | ---- | M] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o2_1280.png
[2012-08-06 15:38:22 | 000,110,325 | ---- | M] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o1_1280.png
[2012-08-06 15:28:03 | 000,539,289 | ---- | M] () -- C:\Users\Ian\Desktop\Katenborough.wma
[2012-08-06 15:24:49 | 000,054,369 | ---- | M] () -- C:\Users\Ian\Desktop\gdsfgdf.wma
[2012-08-06 00:57:41 | 002,424,975 | ---- | M] () -- C:\Users\Ian\Desktop\IMG_0715.JPG
[2012-08-05 20:44:11 | 001,294,112 | ---- | M] () -- C:\Users\Ian\Desktop\Sequence 0.mp3
[2012-08-05 01:24:45 | 000,063,603 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.338299320.jpg
[2012-08-05 01:24:36 | 000,071,685 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.331527045.jpg
[2012-08-05 01:24:25 | 000,044,159 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.331489489.jpg
[2012-08-05 01:24:08 | 000,059,008 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.362726639_934s.jpg
[2012-08-05 01:23:59 | 000,100,743 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.362724681_2231.jpg
[2012-08-04 03:37:21 | 000,221,732 | ---- | M] () -- C:\Users\Ian\Desktop\Ray_Lederer-TESV-Spriggan.jpg
[2012-08-03 02:41:32 | 001,484,596 | ---- | M] () -- C:\Users\Ian\Desktop\gggbbbbb.wav
[2012-08-03 02:34:24 | 005,497,004 | ---- | M] () -- C:\Users\Ian\Desktop\gggg.wav
[2012-08-03 02:07:11 | 000,009,899 | ---- | M] () -- C:\Users\Ian\Desktop\credits.png
[2012-08-02 03:23:12 | 000,001,093 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,077 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012-08-02 03:23:12 | 000,001,075 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012-08-02 03:23:12 | 000,001,069 | ---- | M] () -- C:\Users\Ian\Desktop\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,051 | ---- | M] () -- C:\Users\Ian\Desktop\Free Mp3 Wma Converter.lnk
[2012-07-30 12:02:38 | 000,000,472 | ---- | M] () -- C:\Users\Ian\Desktop\Ant Videos.lnk
[2012-07-30 02:58:43 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\AoA Audio Extractor Platinum.lnk
[2012-07-29 12:05:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012-07-16 03:17:37 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-07-16 03:12:26 | 001,619,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-11 11:46:26 | 103,576,853 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-08-10 18:30:26 | 001,697,858 | ---- | C] () -- C:\Users\Ian\Desktop\ID Check_Fafard.zip
[2012-08-09 00:10:56 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012-08-08 17:26:57 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-08 17:26:57 | 000,001,917 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-08-08 17:23:27 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-08-08 10:29:09 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-06 15:38:30 | 000,108,299 | ---- | C] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o2_1280.png
[2012-08-06 15:38:20 | 000,110,325 | ---- | C] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o1_1280.png
[2012-08-06 15:28:03 | 000,539,289 | ---- | C] () -- C:\Users\Ian\Desktop\Katenborough.wma
[2012-08-06 15:24:48 | 000,054,369 | ---- | C] () -- C:\Users\Ian\Desktop\gdsfgdf.wma
[2012-08-06 00:57:40 | 002,424,975 | ---- | C] () -- C:\Users\Ian\Desktop\IMG_0715.JPG
[2012-08-05 20:44:05 | 001,294,112 | ---- | C] () -- C:\Users\Ian\Desktop\Sequence 0.mp3
[2012-08-05 01:24:44 | 000,063,603 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.338299320.jpg
[2012-08-05 01:24:35 | 000,071,685 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.331527045.jpg
[2012-08-05 01:24:24 | 000,044,159 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.331489489.jpg
[2012-08-05 01:24:07 | 000,059,008 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.362726639_934s.jpg
[2012-08-05 01:23:57 | 000,100,743 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.362724681_2231.jpg
[2012-08-04 03:37:19 | 000,221,732 | ---- | C] () -- C:\Users\Ian\Desktop\Ray_Lederer-TESV-Spriggan.jpg
[2012-08-03 02:41:32 | 001,484,596 | ---- | C] () -- C:\Users\Ian\Desktop\gggbbbbb.wav
[2012-08-03 02:34:24 | 005,497,004 | ---- | C] () -- C:\Users\Ian\Desktop\gggg.wav
[2012-08-03 02:07:11 | 000,009,899 | ---- | C] () -- C:\Users\Ian\Desktop\credits.png
[2012-08-02 03:23:12 | 000,001,093 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,077 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012-08-02 03:23:12 | 000,001,075 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012-08-02 03:23:12 | 000,001,069 | ---- | C] () -- C:\Users\Ian\Desktop\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,051 | ---- | C] () -- C:\Users\Ian\Desktop\Free Mp3 Wma Converter.lnk
[2012-08-02 03:23:06 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012-08-02 03:23:04 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012-07-30 12:02:38 | 000,000,472 | ---- | C] () -- C:\Users\Ian\Desktop\Ant Videos.lnk
[2012-07-30 02:58:43 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\AoA Audio Extractor Platinum.lnk
[2012-06-11 10:12:10 | 000,000,223 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-03-05 14:45:56 | 000,000,148 | -H-- | C] () -- C:\Windows\System32\WN125047.bin
[2012-03-05 14:45:56 | 000,000,148 | -H-- | C] () -- C:\Windows\AC841540.bin
[2010-12-02 22:57:47 | 000,172,471 | ---- | C] () -- C:\Users\Ian\Picture 6.png
[2010-12-02 22:57:37 | 000,166,133 | ---- | C] () -- C:\Users\Ian\Picture 19.png
[2010-11-04 16:51:51 | 000,000,097 | ---- | C] () -- C:\Windows\Antidote7.ini
[2010-10-17 00:22:55 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010-09-28 22:27:14 | 000,000,000 | ---- | C] () -- C:\Users\Ian\shaved head
[2010-09-12 12:06:46 | 000,031,369 | ---- | C] () -- C:\Windows\System32\xvid-uninstall.exe
[2010-08-06 17:52:09 | 000,000,712 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\isomaster.ini
[2010-08-01 13:55:24 | 000,007,676 | ---- | C] () -- C:\Users\Ian\.recently-used.xbel
[2010-02-23 15:21:14 | 000,000,091 | ---- | C] () -- C:\Users\Ian\AppData\Local\fusioncache.dat
[2009-10-19 22:42:36 | 000,000,235 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\devices.xml
[2009-10-19 22:42:36 | 000,000,012 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\settings.xml
[2009-06-30 01:25:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-05-06 13:59:11 | 000,006,836 | ---- | C] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat
[2009-05-03 00:49:42 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-05-01 04:19:11 | 000,222,720 | ---- | C] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010-04-03 22:27:05 | 000,000,000 | -HSD | M] -- C:\Users\Ian\AppData\Roaming\.#
[2012-06-25 00:09:10 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\.minecraft
[2010-08-02 02:21:25 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\ACAMPREF
[2009-05-06 23:38:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\acccore
[2012-07-30 03:04:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Audacity
[2012-08-09 00:12:00 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\AVG2012
[2010-11-24 12:14:31 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\avidemux
[2011-07-23 00:35:17 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Beat Hazard
[2011-01-13 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Bioshock
[2012-06-10 13:42:59 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\BitTorrent
[2012-08-08 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\DAEMON Tools Lite
[2012-08-08 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\DAEMON Tools Pro
[2009-06-08 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de telechargement Share-to-Web
[2009-06-08 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de telechargement Share-to-Web
[2009-05-06 00:14:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de téléchargement Share-to-Web
[2009-05-06 00:14:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de téléchargement Share-to-Web
[2010-11-04 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Druide
[2012-08-02 03:23:21 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\FreeAudioPack
[2012-06-25 04:56:14 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\FreeFLVConverter
[2010-08-01 13:51:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\gtk-2.0
[2011-07-10 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\HandBrake
[2009-06-20 04:11:49 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\LimeWire
[2010-03-02 04:15:02 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Locktime
[2011-07-16 23:46:23 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\LolClient
[2012-05-26 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\LolClient2
[2010-08-02 02:14:42 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\MakeMusic
[2012-08-10 16:42:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\MemoQ
[2011-02-21 19:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mount&Blade
[2011-07-04 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mount&Blade Warband
[2011-07-03 01:43:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mount&Blade With Fire and Sword
[2010-06-09 23:36:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\My Games
[2010-06-01 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\NCH Swift Sound
[2010-12-11 13:57:05 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\PCDr
[2010-08-05 18:15:12 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Plane9
[2012-07-15 22:08:33 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Rainmeter
[2009-07-13 04:40:41 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Recordpad
[2010-02-12 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Screaming Bee
[2010-08-05 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SoundSpectrum
[2009-11-27 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SPORE
[2012-02-20 14:00:02 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SystemRequirementsLab
[2009-12-19 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\thriXXX
[2010-11-13 17:00:32 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Transcend
[2012-08-08 17:28:43 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\TS3Client
[2012-08-08 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\uTorrent
[2010-08-02 03:24:29 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Winsome Technologies
[2010-02-17 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\XnView
[2012-07-29 12:05:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012-08-11 12:39:29 | 000,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012-08-11 12:22:02 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

I hope you can help me restore my machine, and I thank you for your time!

Edited by IanF, 11 August 2012 - 11:32 AM.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you will need to uninstall two of the three antiviruses on your system, as they will conflict.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present


    :Files
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt /c
    ipconfig /release /c
    ipconfig /renew /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

#3
IanF

    New Member

  • Topic Starter
  • Member
  • 5 posts
OTL log:

OTL logfile created on: 2012-08-11 14:22:34 - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ian\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,24% Memory free
6,19 Gb Paging File | 5,89 Gb Available in Paging File | 95,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,36 Gb Total Space | 30,29 Gb Free Space | 22,55% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,41 Gb Free Space | 43,77% Space Free | Partition Type: NTFS
Drive F: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-DE-IAN | User Name: Ian | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-09 17:17:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Downloads\OTL.exe
PRC - [2009-04-11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2002-04-17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Modules (No Company Name) ==========

MOD - [2008-09-16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002-04-17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002-04-17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - [2012-07-17 17:00:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-07-03 02:13:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-06-27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-06-25 14:27:54 | 000,696,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kilgray\memoQ60\AUClient.exe -- (Kilgray: memoQ update permissions manager. 9841208.)
SRV - [2012-06-05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-11-02 14:50:06 | 000,696,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kilgray\memoQ40\AUClient.exe -- (Kilgray: memoQ update permissions manager. 979430.)
SRV - [2011-06-05 16:44:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-09-30 11:31:14 | 004,195,960 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008-12-18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008-12-15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008-12-15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008-05-07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008-01-20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-01-04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ian\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012-07-03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-07-03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-07-03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-07-03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-07-03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-07-03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-05-14 22:35:52 | 000,079,104 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rzudd.sys -- (rzudd)
DRV - [2012-04-10 14:51:16 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010-06-17 18:18:24 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-04-12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010-01-16 19:01:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009-12-01 16:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009-05-08 21:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009-04-11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-21 02:57:22 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009-01-21 02:57:22 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-12-22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008-12-15 00:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-09-04 01:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008-01-20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007-05-30 21:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0420Vid.sys -- (V0420VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}
IE - HKLM\..\SearchScopes\{4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}
IE - HKCU\..\SearchScopes\{4ABC00A3-EB23-4605-87D1-4B6DD72C06F1}: "URL" = http://search.live.c...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.radio-can...grands-titres/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.11
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected] [2010-08-02 14:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-08-08 10:41:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-17 17:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-08 21:14:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-07-17 17:00:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-08 21:14:12 | 000,000,000 | ---D | M]

[2009-06-20 03:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\mozilla\Extensions
[2009-06-20 03:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\mozilla\Extensions\[email protected]
[2012-08-04 03:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions
[2012-06-10 14:34:37 | 000,000,000 | ---D | M] (Module d'Antidote) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2012-07-18 02:48:45 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2011-10-09 17:22:39 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2012-03-25 17:23:59 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected]
[2012-07-15 13:00:48 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Ian\AppData\Roaming\mozilla\Firefox\Profiles\mvz0ttcf.default\extensions\[email protected](113).com
[2012-08-07 10:32:48 | 000,001,088 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\mvz0ttcf.default\searchplugins\dictionarycom.xml
[2010-08-05 18:08:43 | 000,001,196 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\mvz0ttcf.default\searchplugins\winamp-search.xml
[2012-05-06 23:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-07 21:22:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-08-08 10:41:47 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012-07-29 21:12:34 | 000,197,500 | ---- | M] () (No name found) -- C:\USERS\IAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVZ0TTCF.DEFAULT\EXTENSIONS\[email protected]
[2008-01-20 22:33:22 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\IAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVZ0TTCF.DEFAULT\EXTENSIONS\[email protected]
[2011-10-21 20:56:54 | 000,143,480 | ---- | M] () (No name found) -- C:\USERS\IAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVZ0TTCF.DEFAULT\EXTENSIONS\[email protected]
[2009-09-02 03:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-07-17 17:00:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-13 19:06:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007-04-16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010-07-12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-06-19 12:47:16 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012-06-19 12:47:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-19 12:47:16 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012-06-19 12:47:16 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012-06-19 12:47:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012-06-19 12:47:16 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CodecC = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjfcdinekpfcedakhpngcnaamhiihn\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: AVG Safe Search = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012-08-11 14:08:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN File not found
O4 - HKLM..\Run: [C:\Windows\system32\V0420Ext.ax] C:\Windows\System32\V0420Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27CE149E-9C35-4DA0-9A42-B1BF15695566}: DhcpNameServer = 132.210.13.2 132.210.10.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64165795-5090-40BB-B377-B60A44F01738}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ian\Dossiers divers\Images\Lulz\Wallpapers\tumblr_lxz8bhC8wU1r5x74wo1_1280.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ian\Dossiers divers\Images\Lulz\Wallpapers\tumblr_lxz8bhC8wU1r5x74wo1_1280.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e1baacd-23bf-11df-9c8b-0023ae24a631}\Shell - "" = AutoRun
O33 - MountPoints2\{7e1baacd-23bf-11df-9c8b-0023ae24a631}\Shell\AutoRun\command - "" = D:\Startup.exe
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\AutoRun\command - "" = D:\rcaeasyrip_setup.exe
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\install\command - "" = D:\rcaeasyrip_setup.exe
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\usermanualEnglish\command - "" = D:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\usermanualFrench\command - "" = D:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{d81be46f-6590-11de-96c9-0023ae24a631}\Shell\usermanualSpanish\command - "" = D:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-11 14:08:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-11 13:57:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-08-11 11:44:14 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{39311C15-F9E0-48D9-A551-64791F50C40A}
[2012-08-11 11:44:00 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8FABB927-C644-41ED-8866-CABCF0E1AB34}
[2012-08-10 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A93C7367-5392-4014-82C2-2400EC33808A}
[2012-08-10 22:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{281B05F4-8739-46A0-9F03-FAD3AAD4154E}
[2012-08-10 18:23:18 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\Proof of ID
[2012-08-10 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C109840B-A912-40C4-9715-7A7D63CCA7C1}
[2012-08-10 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{25B0B5A2-5E07-421C-8C05-D224413936FC}
[2012-08-09 19:56:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-08-09 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2005 Power Packs
[2012-08-09 17:22:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Microsoft Help
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Microsoft Visual Basic 2005 Power Packs
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Basic 2005 Power Packs
[2012-08-09 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012-08-09 17:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012-08-09 11:03:56 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{969014D8-835E-460F-B80A-F18E3A74B9A1}
[2012-08-09 11:03:01 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C6561128-8339-4786-85A8-3034F82F7614}
[2012-08-09 00:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012-08-09 00:01:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012-08-09 00:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-08-08 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{310CF479-4B79-478E-8018-C2C6A295A2CA}
[2012-08-08 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{3EC1A408-91C7-45B9-9E6A-6FD272A92E35}
[2012-08-08 17:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012-08-08 10:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{4DAFA293-D81A-43D2-BE5D-CE33C4CE4D79}
[2012-08-08 10:38:39 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{67EBB44F-4180-4717-B76B-1632D9108DB4}
[2012-08-08 10:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8910C032-FEB7-4559-92A7-3EB37D20297E}
[2012-08-08 03:33:01 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{15079CA2-1E74-4489-B5D9-804417B63FF2}
[2012-08-07 15:21:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{6B783FC2-6C22-4D05-ADD4-D8953E49E323}
[2012-08-07 15:21:17 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{B138D50D-B9ED-4595-8D92-C7E62E909F1D}
[2012-08-07 03:21:19 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{DDCA2ED2-9B99-473F-94C2-6E09470FE7AE}
[2012-08-06 10:08:19 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{9CED1E3F-2676-49BC-8821-E7DDD9218C82}
[2012-08-06 10:07:43 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{91A199B3-FC75-41A1-B74B-989BEC5F4FE5}
[2012-08-04 00:29:35 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\asssssssssjhlkl
[2012-08-03 10:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{6AB6915C-EE63-44A3-82E1-188661116BDF}
[2012-08-03 10:08:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{124F82F2-E291-43CE-BCC7-A1B6120CE7D6}
[2012-08-02 10:27:26 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\Stormblade
[2012-08-02 10:07:18 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C004858D-903D-4F32-B973-F99297134552}
[2012-08-02 10:06:18 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{3BCD5921-A9FA-4DC0-8C44-5361AC78315D}
[2012-08-02 03:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012-08-02 03:23:06 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012-08-02 03:23:06 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012-08-02 03:23:06 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012-08-02 03:23:06 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012-08-02 03:23:05 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012-08-02 03:23:05 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012-08-02 03:23:05 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012-08-02 03:23:05 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012-08-02 03:23:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\FreeAudioPack
[2012-08-02 03:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012-08-01 23:26:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{7A0644A3-BB6F-4518-839A-F5CC61BAAA53}
[2012-08-01 10:10:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8D1F5F3E-2238-41E7-A52C-3A8F6BB71A37}
[2012-08-01 10:09:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{13A6CEA9-83C0-41E2-8710-2BC077340741}
[2012-07-31 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{B6298023-C2F4-43CD-BCC8-313CAEA296FC}
[2012-07-31 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{88A4A29B-77E4-4D26-9AA6-633958CF6601}
[2012-07-31 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{17DDD854-01E5-4726-ADEB-8AADFC83C53B}
[2012-07-31 10:05:58 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{CD9B98D5-5823-470B-A8EF-8D08621E6690}
[2012-07-30 10:09:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{125BE422-3352-498A-B44B-D2FD6AFED8CC}
[2012-07-30 10:08:16 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A6DFAC41-05B9-4687-A51E-270FAA34C45A}
[2012-07-30 02:58:43 | 000,086,683 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2012-07-30 02:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Audio Extractor Platinum
[2012-07-30 02:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\AoA Audio Extractor Platinum
[2012-07-29 12:07:40 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{346276E0-F986-49E0-94F6-952E0C6FB476}
[2012-07-27 22:10:31 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{DD7A3C1F-B979-4F42-9C66-754A0D441152}
[2012-07-27 22:09:03 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{AD9938F1-4CCD-4AF0-9907-C3FFA6109942}
[2012-07-27 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{13671CA5-00BC-4F74-AD60-71D27BC904B7}
[2012-07-27 10:06:05 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{EFEEF196-F553-408E-8353-DA81CC146AF2}
[2012-07-26 10:08:29 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{1D4F0F82-A6B5-4FCF-B788-433D1ED34450}
[2012-07-26 10:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{69DF9E69-B8F1-47EA-97D2-7A37FB406080}
[2012-07-25 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\FMC
[2012-07-25 10:09:58 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{D85A8D60-2E60-4525-A5F8-F547BC470800}
[2012-07-25 10:09:24 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{E7991644-9EE0-4A15-9DFB-FEA211C69E6F}
[2012-07-24 22:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C8B23C1B-9B7D-4F91-90A3-E6CE0850FBE6}
[2012-07-24 22:08:09 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{8ED8823F-E521-4BD6-913B-1FFB59E9190F}
[2012-07-24 10:07:34 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{084B0E04-8C94-47F9-869E-C0E4C7872F82}
[2012-07-24 10:06:25 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A14DBB6D-3266-497D-B46C-A6B0284C7D47}
[2012-07-23 10:07:06 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{374ACB4B-6AAF-40F1-A07E-4B5BBA2B9FCB}
[2012-07-23 10:05:54 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{D41E6B7D-2E62-4848-9090-30E37CEA334D}
[2012-07-20 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{41CB8D95-1612-4212-BB41-30B7F6068EA3}
[2012-07-20 10:45:35 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{D4E9D350-BFEB-424C-BA2B-AA4659B771D8}
[2012-07-19 22:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A91FDD68-C331-4267-95F3-09BE9C099E92}
[2012-07-19 22:43:38 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{681643AD-1472-46F7-8CBB-B7F1F75976CF}
[2012-07-19 10:07:15 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{FCF73A82-8E35-45C6-AEC4-83F3EBC79014}
[2012-07-19 10:06:28 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{A3615BA3-5ACC-4752-B4DB-8D52D225C436}
[2012-07-18 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\LogMeIn Hamachi
[2012-07-18 21:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012-07-18 21:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012-07-18 10:06:27 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{CDAD3843-C55D-405D-BD5B-F47152CD2BD7}
[2012-07-18 10:05:52 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{BEB4B3AD-2A6E-4EE5-95F1-43EE0139ECE4}
[2012-07-17 10:06:49 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{80E43C60-2493-483D-B6BE-2379F7C3307E}
[2012-07-17 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{485A5D72-CA5E-40D5-8953-967A349725CF}
[2012-07-16 13:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\QC FR vs FR FR
[2012-07-16 10:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{0064500B-0976-4755-A087-809C28CBDD5F}
[2012-07-16 10:11:47 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{35D5335E-90D7-4556-A69C-59BA89D44F9A}
[2012-07-13 10:25:26 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{C9FB85DB-A5F1-49E3-8C99-293BEC165762}
[2012-07-13 10:24:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\{01DD1A9E-2181-4062-8F6F-600BF2C5EE53}
[2006-06-26 01:33:46 | 000,163,840 | ---- | C] (アリスソフト) -- C:\Users\Ian\AppData\Local\Tempals_inst.exe

========== Files - Modified Within 30 Days ==========

[2012-08-11 14:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-11 14:08:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012-08-11 14:01:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-11 14:01:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-11 13:53:01 | 000,343,040 | ---- | M] () -- C:\Users\Ian\Desktop\Copie de secours de HOW TO FIX.wbk
[2012-08-11 13:31:10 | 000,729,886 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012-08-11 13:31:10 | 000,641,070 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-08-11 13:31:10 | 000,149,692 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012-08-11 13:31:10 | 000,122,954 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-08-11 13:22:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-11 12:57:26 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-11 12:57:14 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012-08-11 12:46:56 | 000,007,512 | ---- | M] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat
[2012-08-11 03:22:12 | 000,222,720 | ---- | M] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-10 18:30:26 | 001,697,858 | ---- | M] () -- C:\Users\Ian\Desktop\ID Check_Fafard.zip
[2012-08-08 17:26:57 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-08 17:26:57 | 000,001,917 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-08-08 10:42:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-08-06 15:38:30 | 000,108,299 | ---- | M] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o2_1280.png
[2012-08-06 15:38:22 | 000,110,325 | ---- | M] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o1_1280.png
[2012-08-06 15:28:03 | 000,539,289 | ---- | M] () -- C:\Users\Ian\Desktop\Katenborough.wma
[2012-08-06 15:24:49 | 000,054,369 | ---- | M] () -- C:\Users\Ian\Desktop\gdsfgdf.wma
[2012-08-06 00:57:41 | 002,424,975 | ---- | M] () -- C:\Users\Ian\Desktop\IMG_0715.JPG
[2012-08-05 20:44:11 | 001,294,112 | ---- | M] () -- C:\Users\Ian\Desktop\Sequence 0.mp3
[2012-08-05 01:24:45 | 000,063,603 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.338299320.jpg
[2012-08-05 01:24:36 | 000,071,685 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.331527045.jpg
[2012-08-05 01:24:25 | 000,044,159 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.331489489.jpg
[2012-08-05 01:24:08 | 000,059,008 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.362726639_934s.jpg
[2012-08-05 01:23:59 | 000,100,743 | ---- | M] () -- C:\Users\Ian\Desktop\il_570xN.362724681_2231.jpg
[2012-08-04 03:37:21 | 000,221,732 | ---- | M] () -- C:\Users\Ian\Desktop\Ray_Lederer-TESV-Spriggan.jpg
[2012-08-03 02:41:32 | 001,484,596 | ---- | M] () -- C:\Users\Ian\Desktop\gggbbbbb.wav
[2012-08-03 02:34:24 | 005,497,004 | ---- | M] () -- C:\Users\Ian\Desktop\gggg.wav
[2012-08-03 02:07:11 | 000,009,899 | ---- | M] () -- C:\Users\Ian\Desktop\credits.png
[2012-08-02 03:23:12 | 000,001,093 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,077 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012-08-02 03:23:12 | 000,001,075 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012-08-02 03:23:12 | 000,001,069 | ---- | M] () -- C:\Users\Ian\Desktop\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,051 | ---- | M] () -- C:\Users\Ian\Desktop\Free Mp3 Wma Converter.lnk
[2012-07-30 12:02:38 | 000,000,472 | ---- | M] () -- C:\Users\Ian\Desktop\Ant Videos.lnk
[2012-07-30 02:58:43 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\AoA Audio Extractor Platinum.lnk
[2012-07-29 12:05:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012-07-16 03:17:37 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-07-16 03:12:26 | 001,619,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012-08-11 13:53:00 | 000,343,040 | ---- | C] () -- C:\Users\Ian\Desktop\Copie de secours de HOW TO FIX.wbk
[2012-08-10 18:30:26 | 001,697,858 | ---- | C] () -- C:\Users\Ian\Desktop\ID Check_Fafard.zip
[2012-08-08 17:26:57 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-08-08 17:26:57 | 000,001,917 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-08-06 15:38:30 | 000,108,299 | ---- | C] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o2_1280.png
[2012-08-06 15:38:20 | 000,110,325 | ---- | C] () -- C:\Users\Ian\Desktop\tumblr_m8c8cgqaOU1qg7mi3o1_1280.png
[2012-08-06 15:28:03 | 000,539,289 | ---- | C] () -- C:\Users\Ian\Desktop\Katenborough.wma
[2012-08-06 15:24:48 | 000,054,369 | ---- | C] () -- C:\Users\Ian\Desktop\gdsfgdf.wma
[2012-08-06 00:57:40 | 002,424,975 | ---- | C] () -- C:\Users\Ian\Desktop\IMG_0715.JPG
[2012-08-05 20:44:05 | 001,294,112 | ---- | C] () -- C:\Users\Ian\Desktop\Sequence 0.mp3
[2012-08-05 01:24:44 | 000,063,603 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.338299320.jpg
[2012-08-05 01:24:35 | 000,071,685 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.331527045.jpg
[2012-08-05 01:24:24 | 000,044,159 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.331489489.jpg
[2012-08-05 01:24:07 | 000,059,008 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.362726639_934s.jpg
[2012-08-05 01:23:57 | 000,100,743 | ---- | C] () -- C:\Users\Ian\Desktop\il_570xN.362724681_2231.jpg
[2012-08-04 03:37:19 | 000,221,732 | ---- | C] () -- C:\Users\Ian\Desktop\Ray_Lederer-TESV-Spriggan.jpg
[2012-08-03 02:41:32 | 001,484,596 | ---- | C] () -- C:\Users\Ian\Desktop\gggbbbbb.wav
[2012-08-03 02:34:24 | 005,497,004 | ---- | C] () -- C:\Users\Ian\Desktop\gggg.wav
[2012-08-03 02:07:11 | 000,009,899 | ---- | C] () -- C:\Users\Ian\Desktop\credits.png
[2012-08-02 03:23:12 | 000,001,093 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,077 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012-08-02 03:23:12 | 000,001,075 | ---- | C] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012-08-02 03:23:12 | 000,001,069 | ---- | C] () -- C:\Users\Ian\Desktop\Easy Audio Cutter.lnk
[2012-08-02 03:23:12 | 000,001,051 | ---- | C] () -- C:\Users\Ian\Desktop\Free Mp3 Wma Converter.lnk
[2012-08-02 03:23:06 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012-08-02 03:23:04 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012-07-30 12:02:38 | 000,000,472 | ---- | C] () -- C:\Users\Ian\Desktop\Ant Videos.lnk
[2012-07-30 02:58:43 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\AoA Audio Extractor Platinum.lnk
[2012-06-11 10:12:10 | 000,000,223 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-03-05 14:45:56 | 000,000,148 | -H-- | C] () -- C:\Windows\System32\WN125047.bin
[2012-03-05 14:45:56 | 000,000,148 | -H-- | C] () -- C:\Windows\AC841540.bin
[2010-12-02 22:57:47 | 000,172,471 | ---- | C] () -- C:\Users\Ian\Picture 6.png
[2010-12-02 22:57:37 | 000,166,133 | ---- | C] () -- C:\Users\Ian\Picture 19.png
[2010-11-04 16:51:51 | 000,000,097 | ---- | C] () -- C:\Windows\Antidote7.ini
[2010-10-17 00:22:55 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010-09-28 22:27:14 | 000,000,000 | ---- | C] () -- C:\Users\Ian\shaved head
[2010-09-12 12:06:46 | 000,031,369 | ---- | C] () -- C:\Windows\System32\xvid-uninstall.exe
[2010-08-06 17:52:09 | 000,000,712 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\isomaster.ini
[2010-08-01 13:55:24 | 000,007,676 | ---- | C] () -- C:\Users\Ian\.recently-used.xbel
[2010-02-23 15:21:14 | 000,000,091 | ---- | C] () -- C:\Users\Ian\AppData\Local\fusioncache.dat
[2009-10-19 22:42:36 | 000,000,235 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\devices.xml
[2009-10-19 22:42:36 | 000,000,012 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\settings.xml
[2009-06-30 01:25:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-05-06 13:59:11 | 000,007,512 | ---- | C] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat
[2009-05-03 00:49:42 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-05-01 04:19:11 | 000,222,720 | ---- | C] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010-04-03 22:27:05 | 000,000,000 | -HSD | M] -- C:\Users\Ian\AppData\Roaming\.#
[2012-06-25 00:09:10 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\.minecraft
[2010-08-02 02:21:25 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\ACAMPREF
[2009-05-06 23:38:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\acccore
[2012-07-30 03:04:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Audacity
[2010-11-24 12:14:31 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\avidemux
[2011-07-23 00:35:17 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Beat Hazard
[2011-01-13 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Bioshock
[2012-06-10 13:42:59 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\BitTorrent
[2012-08-08 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\DAEMON Tools Lite
[2012-08-08 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\DAEMON Tools Pro
[2009-06-08 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de telechargement Share-to-Web
[2009-06-08 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de telechargement Share-to-Web
[2009-05-06 00:14:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de téléchargement Share-to-Web
[2009-05-06 00:14:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dossier de téléchargement Share-to-Web
[2010-11-04 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Druide
[2012-08-02 03:23:21 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\FreeAudioPack
[2012-06-25 04:56:14 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\FreeFLVConverter
[2010-08-01 13:51:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\gtk-2.0
[2011-07-10 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\HandBrake
[2009-06-20 04:11:49 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\LimeWire
[2010-03-02 04:15:02 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Locktime
[2011-07-16 23:46:23 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\LolClient
[2012-05-26 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\LolClient2
[2010-08-02 02:14:42 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\MakeMusic
[2012-08-10 16:42:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\MemoQ
[2011-02-21 19:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mount&Blade
[2011-07-04 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mount&Blade Warband
[2011-07-03 01:43:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mount&Blade With Fire and Sword
[2010-06-09 23:36:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\My Games
[2010-06-01 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\NCH Swift Sound
[2010-12-11 13:57:05 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\PCDr
[2010-08-05 18:15:12 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Plane9
[2012-07-15 22:08:33 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Rainmeter
[2009-07-13 04:40:41 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Recordpad
[2010-02-12 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Screaming Bee
[2010-08-05 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SoundSpectrum
[2009-11-27 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SPORE
[2012-02-20 14:00:02 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SystemRequirementsLab
[2009-12-19 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\thriXXX
[2010-11-13 17:00:32 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Transcend
[2012-08-08 17:28:43 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\TS3Client
[2012-08-08 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\uTorrent
[2010-08-02 03:24:29 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Winsome Technologies
[2010-02-17 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\XnView
[2012-07-29 12:05:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012-08-11 14:01:25 | 000,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012-08-11 12:57:14 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >


TDSS Report:


14:54:43.0060 3200 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:54:43.0622 3200 ============================================================
14:54:43.0622 3200 Current date / time: 2012/08/11 14:54:43.0622
14:54:43.0622 3200 SystemInfo:
14:54:43.0622 3200
14:54:43.0622 3200 OS Version: 6.0.6002 ServicePack: 2.0
14:54:43.0622 3200 Product type: Workstation
14:54:43.0622 3200 ComputerName: PC-DE-IAN
14:54:43.0622 3200 UserName: Ian
14:54:43.0622 3200 Windows directory: C:\Windows
14:54:43.0622 3200 System windows directory: C:\Windows
14:54:43.0622 3200 Processor architecture: Intel x86
14:54:43.0622 3200 Number of processors: 2
14:54:43.0622 3200 Page size: 0x1000
14:54:43.0622 3200 Boot type: Normal boot
14:54:43.0622 3200 ============================================================
14:54:44.0184 3200 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:54:44.0184 3200 ============================================================
14:54:44.0184 3200 \Device\Harddisk0\DR0:
14:54:44.0184 3200 MBR partitions:
14:54:44.0184 3200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
14:54:44.0184 3200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CB96B0
14:54:44.0184 3200 ============================================================
14:54:44.0215 3200 C: <-> \Device\Harddisk0\DR0\Partition1
14:54:44.0262 3200 E: <-> \Device\Harddisk0\DR0\Partition0
14:54:44.0262 3200 ============================================================
14:54:44.0262 3200 Initialize success
14:54:44.0262 3200 ============================================================
14:56:02.0823 6120 ============================================================
14:56:02.0823 6120 Scan started
14:56:02.0823 6120 Mode: Manual;
14:56:02.0823 6120 ============================================================
14:56:03.0229 6120 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:56:03.0229 6120 ACPI - ok
14:56:03.0354 6120 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:56:03.0354 6120 adp94xx - ok
14:56:03.0416 6120 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:56:03.0416 6120 adpahci - ok
14:56:03.0447 6120 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:56:03.0447 6120 adpu160m - ok
14:56:03.0494 6120 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:56:03.0494 6120 adpu320 - ok
14:56:03.0541 6120 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:56:03.0541 6120 AeLookupSvc - ok
14:56:03.0650 6120 AESTFilters (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
14:56:03.0650 6120 AESTFilters - ok
14:56:03.0712 6120 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:56:03.0712 6120 AFD - ok
14:56:03.0759 6120 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:56:03.0759 6120 agp440 - ok
14:56:03.0790 6120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:56:03.0790 6120 aic78xx - ok
14:56:03.0822 6120 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:56:03.0822 6120 ALG - ok
14:56:03.0853 6120 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:56:03.0853 6120 aliide - ok
14:56:03.0868 6120 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:56:03.0868 6120 amdagp - ok
14:56:03.0900 6120 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:56:03.0900 6120 amdide - ok
14:56:03.0931 6120 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:56:03.0931 6120 AmdK7 - ok
14:56:03.0946 6120 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:56:03.0946 6120 AmdK8 - ok
14:56:03.0993 6120 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:56:03.0993 6120 ApfiltrService - ok
14:56:04.0056 6120 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:56:04.0056 6120 Appinfo - ok
14:56:04.0071 6120 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:56:04.0071 6120 arc - ok
14:56:04.0118 6120 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:56:04.0118 6120 arcsas - ok
14:56:04.0321 6120 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:56:04.0321 6120 aspnet_state - ok
14:56:04.0352 6120 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
14:56:04.0352 6120 aswFsBlk - ok
14:56:04.0399 6120 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
14:56:04.0399 6120 aswMonFlt - ok
14:56:04.0399 6120 aswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\aswRdr.sys
14:56:04.0414 6120 aswRdr - ok
14:56:04.0539 6120 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
14:56:04.0539 6120 aswSnx - ok
14:56:04.0602 6120 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
14:56:04.0602 6120 aswSP - ok
14:56:04.0648 6120 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
14:56:04.0648 6120 aswTdi - ok
14:56:04.0695 6120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:56:04.0695 6120 AsyncMac - ok
14:56:04.0726 6120 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
14:56:04.0726 6120 atapi - ok
14:56:04.0820 6120 Ati External Event Utility (740b9b4140caccd0513d999eab488e48) C:\Windows\system32\Ati2evxx.exe
14:56:04.0820 6120 Ati External Event Utility - ok
14:56:05.0226 6120 atikmdag (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
14:56:05.0272 6120 atikmdag - ok
14:56:05.0444 6120 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:56:05.0444 6120 AudioEndpointBuilder - ok
14:56:05.0444 6120 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:56:05.0444 6120 Audiosrv - ok
14:56:05.0569 6120 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
14:56:05.0569 6120 avast! Antivirus - ok
14:56:05.0662 6120 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
14:56:05.0662 6120 BCM42RLY - ok
14:56:05.0787 6120 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:56:05.0787 6120 BCM43XX - ok
14:56:05.0865 6120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:56:05.0865 6120 Beep - ok
14:56:05.0912 6120 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:56:05.0912 6120 BFE - ok
14:56:06.0037 6120 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:56:06.0052 6120 BITS - ok
14:56:06.0084 6120 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:56:06.0084 6120 blbdrive - ok
14:56:06.0193 6120 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
14:56:06.0193 6120 Bonjour Service - ok
14:56:06.0255 6120 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:56:06.0255 6120 bowser - ok
14:56:06.0286 6120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:56:06.0286 6120 BrFiltLo - ok
14:56:06.0302 6120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:56:06.0302 6120 BrFiltUp - ok
14:56:06.0333 6120 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:56:06.0349 6120 Browser - ok
14:56:06.0380 6120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:56:06.0380 6120 Brserid - ok
14:56:06.0411 6120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:56:06.0411 6120 BrSerWdm - ok
14:56:06.0442 6120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:56:06.0442 6120 BrUsbMdm - ok
14:56:06.0458 6120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:56:06.0458 6120 BrUsbSer - ok
14:56:06.0489 6120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:56:06.0489 6120 BTHMODEM - ok
14:56:06.0505 6120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:56:06.0505 6120 cdfs - ok
14:56:06.0552 6120 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:56:06.0552 6120 cdrom - ok
14:56:06.0614 6120 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:56:06.0614 6120 CertPropSvc - ok
14:56:06.0630 6120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:56:06.0630 6120 circlass - ok
14:56:06.0692 6120 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:56:06.0692 6120 CLFS - ok
14:56:06.0770 6120 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:56:06.0770 6120 clr_optimization_v2.0.50727_32 - ok
14:56:06.0848 6120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:56:06.0864 6120 clr_optimization_v4.0.30319_32 - ok
14:56:06.0895 6120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:56:06.0895 6120 CmBatt - ok
14:56:06.0926 6120 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:56:06.0926 6120 cmdide - ok
14:56:06.0957 6120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:56:06.0957 6120 Compbatt - ok
14:56:06.0957 6120 COMSysApp - ok
14:56:07.0098 6120 cpuz132 - ok
14:56:07.0098 6120 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:56:07.0098 6120 crcdisk - ok
14:56:07.0144 6120 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:56:07.0160 6120 Crusoe - ok
14:56:07.0207 6120 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:56:07.0207 6120 CryptSvc - ok
14:56:07.0300 6120 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:56:07.0300 6120 DcomLaunch - ok
14:56:20.0311 6120 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:56:20.0326 6120 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:56:20.0326 6120 sptd ( LockedFile.Multi.Generic ) - warning
14:56:20.0326 6120 sptd - detected LockedFile.Multi.Generic (1)
14:56:22.0495 6120 usbhub - ok
14:56:22.0542 6120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:56:22.0542 6120 usbohci - ok
14:56:22.0573 6120 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:56:22.0573 6120 usbprint - ok
14:56:22.0604 6120 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:56:22.0604 6120 usbscan - ok
14:56:22.0635 6120 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:56:22.0635 6120 USBSTOR - ok
14:56:22.0729 6120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:56:22.0729 6120 usbuhci - ok
14:56:22.0760 6120 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:56:22.0776 6120 UxSms - ok
14:56:22.0838 6120 V0420VID (e579144c0bfa5720e1da5a7783058e9a) C:\Windows\system32\DRIVERS\V0420Vid.sys
14:56:22.0838 6120 V0420VID - ok
14:56:22.0900 6120 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:56:22.0947 6120 vds - ok
14:56:23.0010 6120 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:56:23.0010 6120 vga - ok
14:56:23.0025 6120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:56:23.0025 6120 VgaSave - ok
14:56:23.0088 6120 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:56:23.0088 6120 viaagp - ok
14:56:23.0103 6120 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:56:23.0103 6120 ViaC7 - ok
14:56:23.0119 6120 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:56:23.0119 6120 viaide - ok
14:56:23.0212 6120 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
14:56:23.0228 6120 Viewpoint Manager Service - ok
14:56:23.0244 6120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:56:23.0244 6120 volmgr - ok
14:56:23.0322 6120 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:56:23.0322 6120 volmgrx - ok
14:56:23.0384 6120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:56:23.0384 6120 volsnap - ok
14:56:23.0446 6120 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:56:23.0446 6120 vsmraid - ok
14:56:23.0556 6120 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:56:23.0618 6120 VSS - ok
14:56:23.0696 6120 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:56:23.0712 6120 W32Time - ok
14:56:23.0758 6120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:56:23.0758 6120 WacomPen - ok
14:56:23.0790 6120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:56:23.0790 6120 Wanarp - ok
14:56:23.0805 6120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:56:23.0805 6120 Wanarpv6 - ok
14:56:23.0836 6120 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:56:23.0852 6120 wcncsvc - ok
14:56:23.0868 6120 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:56:23.0883 6120 WcsPlugInService - ok
14:56:23.0899 6120 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:56:23.0899 6120 Wd - ok
14:56:23.0946 6120 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:56:23.0961 6120 Wdf01000 - ok
14:56:23.0977 6120 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:56:23.0977 6120 WdiServiceHost - ok
14:56:23.0992 6120 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:56:23.0992 6120 WdiSystemHost - ok
14:56:24.0039 6120 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:56:24.0039 6120 WebClient - ok
14:56:24.0117 6120 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:56:24.0117 6120 Wecsvc - ok
14:56:24.0148 6120 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:56:24.0148 6120 wercplsupport - ok
14:56:24.0195 6120 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:56:24.0211 6120 WerSvc - ok
14:56:24.0320 6120 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:56:24.0320 6120 WinDefend - ok
14:56:24.0336 6120 WinHttpAutoProxySvc - ok
14:56:24.0414 6120 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:56:24.0414 6120 Winmgmt - ok
14:56:24.0538 6120 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:56:24.0632 6120 WinRM - ok
14:56:24.0726 6120 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
14:56:24.0726 6120 WinUSB - ok
14:56:24.0788 6120 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:56:24.0819 6120 Wlansvc - ok
14:56:25.0038 6120 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:56:25.0053 6120 wlidsvc - ok
14:56:25.0178 6120 wltrysvc - ok
14:56:25.0240 6120 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:56:25.0240 6120 WmiAcpi - ok
14:56:25.0318 6120 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:56:25.0318 6120 wmiApSrv - ok
14:56:25.0474 6120 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:56:25.0521 6120 WMPNetworkSvc - ok
14:56:25.0568 6120 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:56:25.0584 6120 WPCSvc - ok
14:56:25.0662 6120 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:56:25.0662 6120 WPDBusEnum - ok
14:56:25.0740 6120 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:56:25.0740 6120 WpdUsb - ok
14:56:25.0927 6120 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:56:25.0927 6120 WPFFontCache_v0400 - ok
14:56:25.0958 6120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:56:25.0958 6120 ws2ifsl - ok
14:56:25.0989 6120 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
14:56:26.0005 6120 wscsvc - ok
14:56:26.0005 6120 WSearch - ok
14:56:26.0208 6120 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
14:56:26.0239 6120 wuauserv - ok
14:56:26.0395 6120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:56:26.0395 6120 WUDFRd - ok
14:56:26.0442 6120 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:56:26.0457 6120 wudfsvc - ok
14:56:26.0473 6120 yksvc - ok
14:56:26.0566 6120 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
14:56:26.0566 6120 yukonwlh - ok
14:56:26.0660 6120 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
14:56:26.0925 6120 \Device\Harddisk0\DR0 - ok
14:56:26.0956 6120 Boot (0x1200) (57c98506cc7f57ee91ba751ae3f38351) \Device\Harddisk0\DR0\Partition0
14:56:26.0956 6120 \Device\Harddisk0\DR0\Partition0 - ok
14:56:26.0956 6120 Boot (0x1200) (f523c1d408a1a816065a35db033e4332) \Device\Harddisk0\DR0\Partition1
14:56:26.0972 6120 \Device\Harddisk0\DR0\Partition1 - ok
14:56:26.0972 6120 ============================================================
14:56:26.0972 6120 Scan finished
14:56:26.0972 6120 ============================================================
14:56:26.0972 6084 Detected object count: 1
14:56:26.0972 6084 Actual detected object count: 1
14:56:50.0590 6084 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:56:50.0590 6084 sptd ( LockedFile.Multi.Generic ) - User select action: Skip





Hope everything's here... Thanks!

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm not where I thought it was

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#5
IanF

    New Member

  • Topic Starter
  • Member
  • 5 posts
Combofix Log:

ComboFix 12-08-10.02 - Ian 2012-08-11 15:26:58.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.2.1036.18.3070.1718 [GMT -4:00]
Lancé depuis: c:\users\Ian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AcRemoteUpdate.exe
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\[email protected]\chrome.manifest
c:\program files\AutocompletePro\[email protected]\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\[email protected]\chrome\content\options.js
c:\program files\AutocompletePro\[email protected]\chrome\content\options.xul
c:\program files\AutocompletePro\[email protected]\chrome\content\utils.js
c:\program files\AutocompletePro\[email protected]\defaults\preferences\predictad.js
c:\program files\AutocompletePro\[email protected]\install.rdf
c:\program files\AutocompletePro\TaskScheduler.dll
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\4a6ad3dd-db4c-4c85-a238-f9483baae32d.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\Ian\AppData\Local\Tempals_inst.exe
c:\users\Ian\AppData\Roaming\.#
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-11 au 2012-08-11 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-11 19:37 . 2012-08-11 19:37 -------- d-----w- c:\users\Ian\AppData\Local\temp
2012-08-11 19:37 . 2012-08-11 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 18:45 . 2012-08-11 18:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-11 18:08 . 2012-08-11 18:08 -------- d-----w- C:\_OTL
2012-08-09 21:22 . 2012-08-09 21:22 -------- d-----w- c:\users\Ian\AppData\Local\Microsoft Help
2012-08-09 21:22 . 2012-08-09 21:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-08-09 21:22 . 2012-08-09 21:22 -------- d-----w- c:\program files\Microsoft Visual Basic 2005 Power Packs
2012-08-09 21:22 . 2012-08-09 21:22 -------- d-----w- c:\program files\Microsoft SDKs
2012-08-09 21:22 . 2012-08-09 21:22 -------- d-----w- c:\programdata\Microsoft Help
2012-08-09 04:09 . 2012-08-09 04:09 -------- d-----w- c:\program files\AVG
2012-08-09 04:01 . 2012-08-09 04:01 -------- d--h--w- c:\programdata\Common Files
2012-08-09 04:01 . 2012-08-11 17:59 -------- d-----w- c:\programdata\MFAData
2012-08-08 04:46 . 2012-08-08 04:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AF05390-28BE-4092-87C7-5518B0EA2FB9}\offreg.dll
2012-08-07 06:17 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AF05390-28BE-4092-87C7-5518B0EA2FB9}\mpengine.dll
2012-07-30 06:58 . 2007-05-13 16:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2012-07-30 06:58 . 2012-07-30 06:58 -------- d-----w- c:\program files\AoA Audio Extractor Platinum
2012-07-19 01:31 . 2012-08-08 21:28 -------- d-----w- c:\users\Ian\AppData\Local\LogMeIn Hamachi
2012-07-19 01:30 . 2012-07-19 01:30 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2009-05-11 03:41 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-07-03 16:10 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2009-05-11 03:41 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2009-05-11 03:41 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2009-05-11 03:41 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2009-05-11 03:41 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-06-29 23:20 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2009-05-11 03:41 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-13 13:40 . 2012-07-11 15:03 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 14:15 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:14 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-25 14:09 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 14:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 14:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 14:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 14:09 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 14:09 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 14:09 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-25 14:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-25 14:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 14:14 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:14 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 21:18 . 2010-06-24 15:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-31 16:25 . 2009-10-02 16:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 06:37 . 2012-06-13 17:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 17:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 17:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 17:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 17:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 17:15 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 17:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 17:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 02:35 . 2012-05-15 02:35 79104 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-07-17 21:00 . 2011-05-10 00:44 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-17 3077528]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0420Ext.ax"="c:\windows\system32\V0420Ext.ax" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"agentantidote.exe"="c:\program files\Druide\Antidote 7\Programmes32\agentantidote.exe" [2012-02-23 943168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - 96944462
*Deregistered* - 96944462
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-05 14:12]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-05 14:12]
.
2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
2012-08-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\mvz0ttcf.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.radio-canada.ca/grands-titres/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Easy Dock - (no file)
HKLM-Run-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
AddRemove-AutocompletePro2_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 15:37
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Kilgray: memoQ update permissions manager. 979430.]
"ImagePath"="c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Kilgray: memoQ update permissions manager. 9841208.]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-719398664-2818229733-1026923385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* 0]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-719398664-2818229733-1026923385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* 0\OpenWithList]
@Class="Shell"
"a"="firefox.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-719398664-2818229733-1026923385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* 0sY;S‚0á0¤0É0‚0qN¤N‚0J0}YM0&
0]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-719398664-2818229733-1026923385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* 0sY;S‚0á0¤0É0‚0qN¤N‚0J0}YM0&
0\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-719398664-2818229733-1026923385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%­*,*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-719398664-2818229733-1026923385-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%­*,*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-719398664-2818229733-1026923385-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,5c,08,a0,a0,8e,e9,9e,53,58,20,13,11,a0,71,29,bc,b2,36,0f,c4,
5b,f8,49,7f,77,7d,9c,e3,95,54,98,94,1c,ef,af,c5,f4,54,b2,68,36,3a,c0,9d,c8,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
Heure de fin: 2012-08-11 15:40:56
ComboFix-quarantined-files.txt 2012-08-11 19:40
.
Avant-CF: 28 759 244 800 octets libres
Après-CF: 28 584 546 304 octets libres
.
- - End Of File - - 36273389C15CF2FD30C63239253C2DC7


Everything seems to be working fine! Avast! no longer reports any malicious URL blocked, Google is working everywhere now, and pages load up much faster. I haven't tried playing a game yet, but my bet is that it'll be much more bearable from now on.

I don't know if it's definitely fixed, but it sure feels like it for the time being! Thank you!

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's do a final check for orphans

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#7
IanF

    New Member

  • Topic Starter
  • Member
  • 5 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.08.11.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Ian :: PC-DE-IAN [administrateur]

2012-08-11 16:23:49
mbam-log-2012-08-11 (16-23-49).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 205141
Temps écoulé: 7 minute(s), 50 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)


Basically, nothing harmful has been found.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer? Any problems?

#9
IanF

    New Member

  • Topic Starter
  • Member
  • 5 posts
Nope, everything seems to be working fine. Internet's nice and fast again, search engine is working, antivirus is not reporting any suspicious activity... Everything's okay!

Thank you so much for your time!

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > system tools
  • Right click Disk Cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?

Keep safe :wave:

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.