Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

XP no update/firewall google ad search pop up [Solved] [Closed]


  • This topic is locked This topic is locked

#1
skrlin182

skrlin182

    Member

  • Member
  • PipPip
  • 32 posts
Title explains issues, here is the log file

OTL logfile created on: 8/17/2012 12:04:55 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\PMC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 60.77% Memory free
5.09 Gb Paging File | 3.77 Gb Available in Paging File | 74.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 83.48 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 262.46 Gb Free Space | 56.35% Space Free | Partition Type: NTFS

Computer Name: PMC-MAIN | User Name: PMC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 12:04:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PMC\Desktop\OTL.exe
PRC - [2012/07/25 18:21:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/19 15:40:10 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/05/14 13:07:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/04/27 19:10:38 | 001,171,304 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/04/27 19:04:36 | 000,821,016 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012/04/27 19:04:16 | 000,403,112 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/04/27 19:03:28 | 005,955,000 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/02 22:16:30 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/03/09 01:49:43 | 000,422,912 | ---- | M] () -- C:\UPS\WSTD\WSTDMessaging.exe
PRC - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
PRC - [2008/08/31 20:05:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/13 10:39:12 | 000,073,728 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 16:30:05 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/25 18:21:19 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 07:28:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 07:28:00 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 07:22:33 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:22:26 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 07:21:41 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 07:21:35 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/05/09 09:01:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 09:01:41 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 09:01:41 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/09 09:01:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 09:01:34 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/09 08:59:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 08:59:16 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/09 08:58:44 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 08:58:39 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/27 19:09:24 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2012/04/27 18:33:28 | 000,435,552 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
MOD - [2012/03/02 22:16:30 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
MOD - [2012/03/02 22:16:28 | 000,045,056 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll
MOD - [2012/03/02 22:03:58 | 000,053,248 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll
MOD - [2012/03/02 22:03:58 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll
MOD - [2012/03/02 21:37:14 | 000,018,432 | ---- | M] () -- C:\UPS\WSTD\UPSResourceManager.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/08/18 15:23:40 | 000,026,112 | ---- | M] () -- C:\WINDOWS\system32\VNCpm.dll
MOD - [2011/03/09 01:49:43 | 000,422,912 | ---- | M] () -- C:\UPS\WSTD\WSTDMessaging.exe
MOD - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2010/10/26 00:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/26 00:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/26 00:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/09/05 20:02:50 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/09/05 20:02:50 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/09/05 20:02:50 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:50 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/09/05 20:02:50 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:50 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/09/05 20:02:50 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:50 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/09/05 20:02:50 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010/09/05 20:02:50 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010/09/05 20:02:50 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3321.40422__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010/09/05 20:02:50 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3321.40340__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/09/05 20:02:49 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/09/05 20:02:49 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:49 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:49 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:49 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/09/05 20:02:49 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/09/05 20:02:49 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/09/05 20:02:48 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/09/05 20:02:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/09/05 20:02:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/09/05 20:02:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/09/05 20:02:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3294.18781__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3294.18795__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3294.18782__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3294.18759__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/09/05 20:02:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/09/05 20:02:48 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/09/05 20:02:47 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/09/05 20:02:47 | 000,540,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/09/05 20:02:47 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/09/05 20:02:47 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/09/05 20:02:47 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/09/05 20:02:47 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/09/05 20:02:47 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/09/05 20:02:47 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/09/05 20:02:47 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll
MOD - [2010/09/05 20:02:47 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/09/05 20:02:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/09/05 20:02:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/09/05 20:02:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/09/05 20:02:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/09/05 20:02:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/09/05 20:02:47 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/09/05 20:02:47 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/09/05 20:02:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/09/05 20:02:47 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/09/05 20:02:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/09/05 20:02:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/09/05 20:02:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/09/05 20:02:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/09/05 20:02:47 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/09/05 20:02:47 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/09/05 20:02:47 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/05/20 13:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 09:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 09:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 09:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 09:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 09:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 09:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/08/14 16:30:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/25 18:21:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/19 15:40:10 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/05/14 13:07:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/04/27 19:04:36 | 000,821,016 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/18 15:37:42 | 001,696,496 | ---- | M] (RealVNC Ltd) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2008/08/31 20:05:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\npf.sys -- (NPF)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\PMC\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\PMC\LOCALS~1\Temp\awtyapow.sys -- (awtyapow)
DRV - [2012/08/17 11:57:31 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A10F2BA5-1B31-4645-A30E-7B781CA4E64F}\MpKsla8e0c007.sys -- (MpKsla8e0c007)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/19 15:40:11 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/05/19 15:40:07 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/05/19 15:40:06 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/05/19 15:40:04 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2012/05/19 15:40:03 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt67.sys -- (vidsflt67)
DRV - [2012/05/19 15:40:01 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/05/19 15:39:59 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011/08/18 15:23:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/02/04 02:27:21 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/03 04:22:00 | 005,030,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 07:10:12 | 001,684,736 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/29 03:00:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/02/07 02:13:51 | 000,060,572 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/02/07 02:13:49 | 000,028,449 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/01/04 02:41:48 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2002/12/17 05:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002/12/17 05:41:10 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Autodesk Player Plugin: C:\Program Files\Autodesk\Autodesk Player Plugin\npAdPlayerPlugin_FF.dll (Autodesk)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/25 18:21:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 22:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/21 16:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/09/08 12:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PMC\Application Data\Mozilla\Extensions
[2010/09/06 15:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PMC\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/06 10:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PMC\Application Data\Mozilla\Firefox\Profiles\z3p28s2o.default\extensions
[2011/03/28 10:02:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\PMC\Application Data\Mozilla\Firefox\Profiles\z3p28s2o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/27 10:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/24 19:45:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/25 18:21:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012/02/28 10:35:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/06 18:50:26 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/06/26 14:31:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/26 14:31:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LeapFTP Internet Explorer Hook) - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\Program Files\LeapFTP 3.0\lftpie.dll (LeapWare)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://www.partserve...3d/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1345209676281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1345220627468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7}: NameServer = 10.0.0.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/05 19:51:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/01/24 01:22:34 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/08/16 17:46:37 | 000,000,027 | ---- | M] () - F:\Autorun.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 12:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PMC\Desktop\CleanUP
[2012/08/17 11:15:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/17 11:10:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/17 11:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/17 11:10:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/17 08:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/17 08:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/17 08:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/17 08:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PMC\Application Data\Malwarebytes
[2012/08/17 08:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/17 08:27:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/17 08:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/17 08:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/07 18:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/08/07 18:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 12:09:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{25379939-1042-4793-A89C-D5024206BA8D}.job
[2012/08/17 12:04:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/17 11:39:55 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/17 11:39:51 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/17 11:36:21 | 000,000,485 | ---- | M] () -- C:\Documents and Settings\PMC\Application Data\SamsungLiveUpdateConfig.ini
[2012/08/17 11:30:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/17 11:30:45 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/17 11:29:55 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 11:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/17 11:29:48 | 000,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/08/17 11:29:43 | 000,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/17 11:17:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 11:15:10 | 000,000,332 | ---- | M] () -- C:\Start_.cmd
[2012/08/17 08:43:51 | 000,000,199 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2012/08/17 08:37:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/12 08:59:30 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/08/08 09:17:26 | 000,000,081 | ---- | M] () -- C:\WINDOWS\LogoLib.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 11:15:10 | 000,000,332 | ---- | C] () -- C:\Start_.cmd
[2012/08/17 08:51:59 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/17 08:51:55 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/17 08:37:56 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/08/17 08:37:47 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/16 22:25:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/07 18:24:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/20 17:07:30 | 014,402,095 | ---- | C] () -- C:\Documents and Settings\PMC\Desktop\F5Reference_AEH_v42.pdf
[2012/06/26 12:57:48 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\PMC\g2mdlhlpx.exe
[2012/05/09 09:29:37 | 003,699,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/16 11:49:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 15:23:28 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\PMC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 19:32:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2011/12/15 19:31:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2011/12/04 11:42:33 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\VNCpm.dll
[2011/10/13 10:28:01 | 000,000,081 | ---- | C] () -- C:\WINDOWS\LogoLib.INI
[2011/10/12 17:42:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2fwordw.dll
[2011/10/12 17:42:12 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2011/10/12 17:42:12 | 000,153,761 | ---- | C] () -- C:\WINDOWS\System32\U2frtf.dll
[2011/10/12 17:42:12 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2011/10/12 17:42:12 | 000,124,256 | ---- | C] () -- C:\WINDOWS\System32\U2dmapi.dll
[2011/10/12 17:42:12 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\U2fhtml.dll
[2011/10/12 17:42:12 | 000,097,489 | ---- | C] () -- C:\WINDOWS\System32\U2fcr.dll
[2011/10/12 17:42:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\U2fxls.dll
[2011/10/12 17:42:12 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2011/10/12 17:42:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2fwks.dll
[2011/10/12 17:42:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2ftext.dll
[2011/10/12 17:42:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\U2fsepv.dll
[2011/10/12 17:42:12 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2011/10/12 17:42:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2frec.dll
[2011/10/12 17:42:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\U2fdif.dll
[2011/10/12 17:42:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\U2ddisk.dll
[2011/10/12 17:42:12 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2011/10/12 17:42:12 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2011/10/12 14:42:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/12 14:10:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\HLVDD.dll
[2011/09/10 11:47:44 | 000,000,297 | ---- | C] () -- C:\WINDOWS\VPlus.ini
[2011/07/24 17:10:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/10 11:40:36 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/17 17:43:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/02/22 13:08:02 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\PMC\Application Data\SAS7_000.DAT
[2010/09/27 15:53:39 | 000,086,082 | R--- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2010/09/27 15:53:39 | 000,000,110 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2010/09/09 11:22:23 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2010/09/09 11:19:45 | 000,001,298 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/08 09:39:07 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\PMC\Application Data\default.rss
[2010/09/08 09:39:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\PMC\Application Data\downloads.m3u
[2010/09/06 15:43:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/06 14:55:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/09/06 14:30:48 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2010/09/06 14:30:06 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/09/06 14:07:16 | 000,000,485 | ---- | C] () -- C:\Documents and Settings\PMC\Application Data\SamsungLiveUpdateConfig.ini
[2010/09/05 20:04:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/05 20:02:23 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/09/05 19:56:48 | 000,024,064 | ---- | C] () -- C:\WINDOWS\autoload.exe
[2010/09/05 19:52:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 19:49:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/05 03:01:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/05 03:00:37 | 000,173,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/05/19 15:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/06/28 12:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/08/17 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/09/06 14:27:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/07/25 12:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/01/30 11:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/22 14:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/03/17 17:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2011/10/21 16:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2012/02/11 15:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/08/06 12:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Interapptive
[2010/09/06 14:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/02/22 12:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/09/06 14:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/05 16:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/03/16 08:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/02 17:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\10A7D3D9-8075-475C-A460-68CE8D3A41F5
[2011/11/18 12:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\7DCAAF05-F661-433A-A40B-1E75196A3415
[2011/01/21 18:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\7E33EF4E-D240-4B68-B2CD-2780CF38DDE4
[2011/11/02 17:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\9FF7B5C5-463A-48EB-88CB-732BF86C0BBF
[2010/10/18 17:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Acronis
[2012/06/28 12:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Autodesk
[2012/06/25 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\BRC
[2012/05/19 15:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\C0F9DD4A-C6FB-4E9E-9EA9-6C0CF49BA40A
[2011/05/06 22:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\cadenas
[2010/09/17 14:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Canon
[2011/03/21 16:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\CircuitWorks
[2011/03/17 17:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\DassaultSystemes
[2012/07/05 13:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\DraftSight
[2012/07/05 14:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\EDrawings
[2012/07/10 16:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\FileZilla
[2012/02/11 15:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Flip Video
[2011/01/30 12:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\ICAClient
[2010/11/24 15:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\LeapWare
[2011/07/25 15:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\ntr
[2011/02/22 12:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Nuance
[2010/09/06 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\ScanSoft
[2010/09/06 15:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Thunderbird
[2010/09/06 15:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Windows Desktop Search
[2010/09/06 15:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PMC\Application Data\Windows Search
[2012/08/17 11:39:51 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012/08/17 12:09:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{25379939-1042-4793-A89C-D5024206BA8D}.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB52820$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >
  • 0

Advertisements


#2
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OTL Extras logfile created on: 8/17/2012 12:04:56 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\PMC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 60.77% Memory free
5.09 Gb Paging File | 3.77 Gb Available in Paging File | 74.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 83.48 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 262.46 Gb Free Space | 56.35% Space Free | Partition Type: NTFS

Computer Name: PMC-MAIN | User Name: PMC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CAB6A1C-3423-4EA0-8871-9CCA3672602B}" = FlukeView ScopeMeter 4
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1C0CDD0D-9EF8-4A77-A6D6-B656696DAC7E}" = VPlus User Interface
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ECC)
"{32199E94-CA76-4BA8-B0B6-76A856A5DA98}" = QBWebConnector
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E917089-4AE9-447F-A45D-6999CB726CAD}" = ICam
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5540F934-06D9-4DCE-B7D4-93DBA58D0338}" = WorldShip
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{75480068-162F-4D6B-B38E-76606A4E5320}_is1" = Dolphin Futures XPS Viewer version 1.1.0
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{80859780-5BC8-404A-A0F3-3C8E6A23D0D9}" = INTERMAC - StoneCam 3.3
"{810428F2-1BED-4517-937E-DEC6372F74E8}_is1" = eCC
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{98C4DE92-27C8-482C-8431-514828756E80}" = Reconciler
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AECEAAD4-6724-4810-B223-E07EB4E8978A}" = eCC Merge Module
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{b86754dd-2ddb-4ac0-9015-cb487277254e}" = InCD Help
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE0CD30D-69A6-4B3A-857D-218C2C32E912}" = Acronis True Image Home 2012
"{BE0CD30D-69A6-4B3A-857D-218C2C32E912}Visible" = Acronis True Image Home 2012
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{c5d6ac31-f3f6-4fc7-acf2-a0e182a58753}" = Nero 9 Essentials
"{C5F49A22-28A7-4738-AC9B-322EFCA29FB9}" = FOSS
"{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}" = ReportServer
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CEC9BEF4-4E53-48B3-9742-F014AA0A9E55}" = LogoTag Free
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E85B767C-AD1B-41FA-8CEF-C927ABB1D275}" = AlignmentUtility
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{F6FB7A4E-3306-4E06-8B29-CA8EB19BC90B}" = SolidWorks eDrawings 2012
"{FAAF59A3-4B9A-4B8F-A43F-821E8DA8DA95}" = WSShared
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FE893E2C-11B4-47CB-88F6-6647D90C6A13}" = ScanSoft OmniPage SE 4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AutoCAD LT Online Trial" = AutoCAD LT Online Trial
"Autodesk Player Plugin" = Autodesk Player Plugin
"Canon MX850 series User Registration" = Canon MX850 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FastStone Capture" = FastStone Capture 6.9
"FileZilla Client" = FileZilla Client 3.5.3
"FTDICOMM" = FTDI USB Serial Converter Drivers
"GTWorks Demo" = GTWorks Demo
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{4E917089-4AE9-447F-A45D-6999CB726CAD}" = ICam
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"LeapFTP 3.0_is1" = LeapFTP 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealVNC_is1" = VNC Enterprise Edition E4.6.3
"UPS WorldShip" = UPS WorldShip
"VLC media player" = VLC media player 2.0.0
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.7.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2012 9:51:27 AM | Computer Name = PMC-MAIN | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 8/14/2012 11:56:55 AM | Computer Name = PMC-MAIN | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": Connection
Error:Invalid user ID or passwo

Error - 8/14/2012 11:56:55 AM | Computer Name = PMC-MAIN | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\PrecisionMetalCrafts.QBW;ENG=QB_data_engine_21;DBN=0cc9f19c119c47e69eb4d32503066c

Error - 8/14/2012 11:56:55 AM | Computer Name = PMC-MAIN | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2011": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
function:'DBMgr::DBConnPool::ini

Error - 8/14/2012 7:01:14 PM | Computer Name = PMC-MAIN | Source = Application Error | ID = 1000
Description = Faulting application prl_stat.exe, version 15.0.0.7119, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x000149d1.

Error - 8/15/2012 7:06:21 PM | Computer Name = PMC-MAIN | Source = Application Error | ID = 1000
Description = Faulting application prl_stat.exe, version 15.0.0.7119, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x000149d1.

Error - 8/16/2012 11:24:42 PM | Computer Name = PMC-MAIN | Source = Application Error | ID = 1000
Description = Faulting application prl_stat.exe, version 15.0.0.7119, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x000149d1.

Error - 8/17/2012 9:37:43 AM | Computer Name = PMC-MAIN | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/17/2012 9:37:48 AM | Computer Name = PMC-MAIN | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/17/2012 12:15:01 PM | Computer Name = PMC-MAIN | Source = Application Error | ID = 1000
Description = Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe,
version 0.0.0.0, fault address 0x00081dc9.

[ System Events ]
Error - 8/17/2012 12:30:49 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:30:49 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:30:49 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:30:49 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:30:50 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:30:50 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:31:13 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:35:53 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/17/2012 12:35:54 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/17/2012 12:54:34 PM | Computer Name = PMC-MAIN | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there two programmes for you to run

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of th erecovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#4
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
ran combo fix, the status bar goes all the way to the right, closes, but i dont see a log at C:\
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK continue with FSS for now please
  • 0

#6
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Farbar Service Scanner Version: 06-08-2012
Ran by PMC (administrator) on 17-08-2012 at 12:50:44
Running from "C:\Documents and Settings\PMC\Desktop\CleanUP"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached Zip file to your desktop
[attachment=59834:wuauserv.zip]
Extract all three registry files
Double click each in turn and allow to merge

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#8
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
13:20:41.0406 4148 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
13:20:41.0671 4148 ============================================================
13:20:41.0671 4148 Current date / time: 2012/08/17 13:20:41.0671
13:20:41.0671 4148 SystemInfo:
13:20:41.0671 4148
13:20:41.0671 4148 OS Version: 5.1.2600 ServicePack: 3.0
13:20:41.0671 4148 Product type: Workstation
13:20:41.0671 4148 ComputerName: PMC-MAIN
13:20:41.0671 4148 UserName: PMC
13:20:41.0671 4148 Windows directory: C:\WINDOWS
13:20:41.0671 4148 System windows directory: C:\WINDOWS
13:20:41.0671 4148 Processor architecture: Intel x86
13:20:41.0671 4148 Number of processors: 4
13:20:41.0671 4148 Page size: 0x1000
13:20:41.0671 4148 Boot type: Normal boot
13:20:41.0671 4148 ============================================================
13:20:42.0171 4148 BG loaded
13:20:42.0328 4148 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:20:42.0328 4148 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:20:42.0375 4148 ============================================================
13:20:42.0375 4148 \Device\Harddisk0\DR0:
13:20:42.0375 4148 MBR partitions:
13:20:42.0375 4148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11773701
13:20:42.0375 4148 \Device\Harddisk1\DR2:
13:20:42.0375 4148 MBR partitions:
13:20:42.0375 4148 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:20:42.0375 4148 ============================================================
13:20:42.0390 4148 C: <-> \Device\Harddisk0\DR0\Partition1
13:20:42.0406 4148 F: <-> \Device\Harddisk1\DR2\Partition1
13:20:42.0406 4148 ============================================================
13:20:42.0406 4148 Initialize success
13:20:42.0406 4148 ============================================================
13:22:10.0421 4256 ============================================================
13:22:10.0421 4256 Scan started
13:22:10.0421 4256 Mode: Manual; SigCheck; TDLFS;
13:22:10.0421 4256 ============================================================
13:22:10.0500 4256 ================ Scan services =============================
13:22:10.0562 4256 Abiosdsk - ok
13:22:10.0562 4256 abp480n5 - ok
13:22:10.0593 4256 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:22:11.0265 4256 ACPI - ok
13:22:11.0281 4256 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:22:11.0375 4256 ACPIEC - ok
13:22:11.0437 4256 [ b0406ca173f5ddcbfa713ae83b181bbc ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
13:22:11.0453 4256 AcrSch2Svc - ok
13:22:11.0484 4256 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:22:11.0500 4256 AdobeFlashPlayerUpdateSvc - ok
13:22:11.0500 4256 adpu160m - ok
13:22:11.0515 4256 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:22:11.0593 4256 aec - ok
13:22:11.0609 4256 [ 158ed54ce49cf828c1e46a811fff8804 ] afcdp C:\WINDOWS\system32\DRIVERS\afcdp.sys
13:22:11.0640 4256 afcdp - ok
13:22:11.0703 4256 [ 5555e5ce43de53fe4c2f19a1163c49a0 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
13:22:11.0765 4256 afcdpsrv - ok
13:22:11.0781 4256 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:22:11.0796 4256 AFD - ok
13:22:11.0812 4256 Aha154x - ok
13:22:11.0812 4256 aic78u2 - ok
13:22:11.0828 4256 aic78xx - ok
13:22:11.0843 4256 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:22:11.0906 4256 Alerter - ok
13:22:11.0906 4256 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
13:22:11.0984 4256 ALG - ok
13:22:11.0984 4256 AliIde - ok
13:22:12.0031 4256 [ f6af59d6eee5e1c304f7f73706ad11d8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
13:22:12.0109 4256 Ambfilt - ok
13:22:12.0140 4256 [ 3f1194bf1864a6e7c8843d343e675de3 ] AMD_RAIDXpert C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
13:22:12.0156 4256 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
13:22:12.0156 4256 AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
13:22:12.0156 4256 amsint - ok
13:22:12.0171 4256 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:22:12.0250 4256 AppMgmt - ok
13:22:12.0250 4256 asc - ok
13:22:12.0250 4256 asc3350p - ok
13:22:12.0265 4256 asc3550 - ok
13:22:12.0328 4256 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:22:12.0359 4256 aspnet_state - ok
13:22:12.0375 4256 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:22:12.0437 4256 AsyncMac - ok
13:22:12.0437 4256 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:22:12.0515 4256 atapi - ok
13:22:12.0515 4256 Atdisk - ok
13:22:12.0531 4256 [ 42e4e2cf0406394bbce7eb358ae4e208 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:22:12.0546 4256 Ati HotKey Poller - ok
13:22:12.0562 4256 [ 460741befbfc91c88934620bc546d172 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
13:22:12.0578 4256 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
13:22:12.0578 4256 ATI Smart - detected UnsignedFile.Multi.Generic (1)
13:22:12.0625 4256 [ 81c3e6674d0609aa84c07681bca252de ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:22:12.0703 4256 ati2mtag - ok
13:22:12.0718 4256 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:22:12.0781 4256 Atmarpc - ok
13:22:12.0796 4256 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:22:12.0875 4256 AudioSrv - ok
13:22:12.0875 4256 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:22:12.0953 4256 audstub - ok
13:22:12.0953 4256 BCMH43XX - ok
13:22:12.0968 4256 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:22:13.0046 4256 Beep - ok
13:22:13.0046 4256 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:22:13.0125 4256 BITS - ok
13:22:13.0156 4256 [ cfd4e51402da9838b5a04ae680af54a0 ] Browser C:\WINDOWS\System32\browser.dll
13:22:13.0171 4256 Browser - ok
13:22:13.0187 4256 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:22:13.0250 4256 cbidf2k - ok
13:22:13.0265 4256 cd20xrnt - ok
13:22:13.0265 4256 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:22:13.0328 4256 Cdaudio - ok
13:22:13.0343 4256 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:22:13.0390 4256 Cdfs - ok
13:22:13.0406 4256 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:22:13.0468 4256 Cdrom - ok
13:22:13.0468 4256 Changer - ok
13:22:13.0484 4256 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:22:13.0546 4256 CiSvc - ok
13:22:13.0562 4256 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:22:13.0625 4256 ClipSrv - ok
13:22:13.0656 4256 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:22:13.0703 4256 clr_optimization_v2.0.50727_32 - ok
13:22:13.0718 4256 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:22:13.0734 4256 clr_optimization_v4.0.30319_32 - ok
13:22:13.0734 4256 CmdIde - ok
13:22:13.0750 4256 COMSysApp - ok
13:22:13.0765 4256 Cpqarray - ok
13:22:13.0796 4256 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:22:13.0859 4256 CryptSvc - ok
13:22:13.0859 4256 dac2w2k - ok
13:22:13.0875 4256 dac960nt - ok
13:22:13.0890 4256 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:22:13.0937 4256 DcomLaunch - ok
13:22:13.0953 4256 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:22:14.0015 4256 Dhcp - ok
13:22:14.0015 4256 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:22:14.0093 4256 Disk - ok
13:22:14.0093 4256 dmadmin - ok
13:22:14.0109 4256 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:22:14.0187 4256 dmboot - ok
13:22:14.0203 4256 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:22:14.0265 4256 dmio - ok
13:22:14.0265 4256 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:22:14.0343 4256 dmload - ok
13:22:14.0359 4256 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:22:14.0406 4256 dmserver - ok
13:22:14.0421 4256 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:22:14.0484 4256 DMusic - ok
13:22:14.0484 4256 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:22:14.0546 4256 Dnscache - ok
13:22:14.0546 4256 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:22:14.0609 4256 Dot3svc - ok
13:22:14.0625 4256 dpti2o - ok
13:22:14.0640 4256 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:22:14.0703 4256 drmkaud - ok
13:22:14.0703 4256 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:22:14.0765 4256 EapHost - ok
13:22:14.0781 4256 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:22:14.0859 4256 ERSvc - ok
13:22:14.0859 4256 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:22:14.0890 4256 Eventlog - ok
13:22:14.0906 4256 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
13:22:14.0937 4256 EventSystem - ok
13:22:14.0953 4256 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:22:15.0015 4256 Fastfat - ok
13:22:15.0031 4256 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:22:15.0062 4256 FastUserSwitchingCompatibility - ok
13:22:15.0062 4256 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:22:15.0140 4256 Fdc - ok
13:22:15.0140 4256 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:22:15.0218 4256 Fips - ok
13:22:15.0234 4256 [ 869bde240b7fe9c7b25bd80df85641c8 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
13:22:15.0250 4256 FlipShare Service - ok
13:22:15.0281 4256 [ 9c330b7ddee9492373041e75da01f80c ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
13:22:15.0296 4256 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
13:22:15.0296 4256 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
13:22:15.0312 4256 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:22:15.0390 4256 Flpydisk - ok
13:22:15.0390 4256 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:22:15.0453 4256 FltMgr - ok
13:22:15.0468 4256 [ 17119d86fb4a43a99bf5242dd3038394 ] fltsrv C:\WINDOWS\system32\DRIVERS\fltsrv.sys
13:22:15.0468 4256 fltsrv - ok
13:22:15.0500 4256 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:22:15.0500 4256 FontCache3.0.0.0 - ok
13:22:15.0515 4256 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:22:15.0578 4256 Fs_Rec - ok
13:22:15.0593 4256 [ 782f67cfc6c362257916bbb50bc55de9 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
13:22:15.0609 4256 FTDIBUS - ok
13:22:15.0609 4256 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:22:15.0687 4256 Ftdisk - ok
13:22:15.0687 4256 [ 4a995111f44cd6f35775865903f4f41e ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
13:22:15.0687 4256 FTSER2K - ok
13:22:15.0703 4256 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:22:15.0765 4256 Gpc - ok
13:22:15.0781 4256 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:22:15.0796 4256 gupdate - ok
13:22:15.0796 4256 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:22:15.0796 4256 gupdatem - ok
13:22:15.0812 4256 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:22:15.0875 4256 HDAudBus - ok
13:22:15.0906 4256 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:22:15.0968 4256 helpsvc - ok
13:22:15.0984 4256 [ deb04da35cc871b6d309b77e1443c796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:22:16.0046 4256 HidServ - ok
13:22:16.0062 4256 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:22:16.0109 4256 hidusb - ok
13:22:16.0125 4256 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:22:16.0187 4256 hkmsvc - ok
13:22:16.0203 4256 hpn - ok
13:22:16.0218 4256 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:22:16.0250 4256 HTTP - ok
13:22:16.0265 4256 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:22:16.0328 4256 HTTPFilter - ok
13:22:16.0328 4256 i2omgmt - ok
13:22:16.0328 4256 i2omp - ok
13:22:16.0375 4256 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:22:16.0390 4256 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:22:16.0390 4256 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:22:16.0421 4256 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:22:16.0468 4256 idsvc - ok
13:22:16.0500 4256 [ 51516252dbbfed36f70b341dba263167 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
13:22:16.0500 4256 IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
13:22:16.0500 4256 IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
13:22:16.0515 4256 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:22:16.0578 4256 Imapi - ok
13:22:16.0593 4256 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:22:16.0656 4256 ImapiService - ok
13:22:16.0671 4256 ini910u - ok
13:22:16.0750 4256 [ f9bb9063a6557098dbaf7396e026c922 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:22:16.0859 4256 IntcAzAudAddService - ok
13:22:16.0875 4256 IntelIde - ok
13:22:16.0890 4256 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:22:16.0937 4256 Ip6Fw - ok
13:22:16.0968 4256 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:22:17.0031 4256 IpFilterDriver - ok
13:22:17.0031 4256 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:22:17.0093 4256 IpInIp - ok
13:22:17.0109 4256 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:22:17.0171 4256 IpNat - ok
13:22:17.0171 4256 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:22:17.0234 4256 IPSec - ok
13:22:17.0250 4256 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:22:17.0312 4256 IRENUM - ok
13:22:17.0312 4256 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:22:17.0375 4256 isapnp - ok
13:22:17.0421 4256 [ 0a5709543986843d37a92290b7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
13:22:17.0437 4256 JavaQuickStarterService - ok
13:22:17.0437 4256 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:22:17.0500 4256 Kbdclass - ok
13:22:17.0500 4256 [ 9ef487a186dea361aa06913a75b3fa99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:22:17.0562 4256 kbdhid - ok
13:22:17.0578 4256 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:22:17.0625 4256 kmixer - ok
13:22:17.0640 4256 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:22:17.0671 4256 KSecDD - ok
13:22:17.0671 4256 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:22:17.0703 4256 lanmanserver - ok
13:22:17.0718 4256 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:22:17.0734 4256 lanmanworkstation - ok
13:22:17.0734 4256 lbrtfdc - ok
13:22:17.0765 4256 [ fcbdcc6f1801e32244235608e1277752 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:22:17.0781 4256 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:22:17.0781 4256 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:22:17.0796 4256 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:22:17.0859 4256 LmHosts - ok
13:22:17.0875 4256 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
13:22:17.0875 4256 MBAMProtector - ok
13:22:17.0921 4256 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:22:17.0937 4256 MBAMService - ok
13:22:17.0953 4256 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:22:18.0015 4256 Messenger - ok
13:22:18.0031 4256 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:22:18.0093 4256 mnmdd - ok
13:22:18.0109 4256 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:22:18.0156 4256 mnmsrvc - ok
13:22:18.0171 4256 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:22:18.0250 4256 Modem - ok
13:22:18.0265 4256 [ 9fa7207d1b1adead88ae8eed9cdbbaa5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
13:22:18.0328 4256 Monfilt - ok
13:22:18.0328 4256 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:22:18.0390 4256 Mouclass - ok
13:22:18.0406 4256 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:22:18.0468 4256 mouhid - ok
13:22:18.0484 4256 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:22:18.0531 4256 MountMgr - ok
13:22:18.0562 4256 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:22:18.0562 4256 MozillaMaintenance - ok
13:22:18.0578 4256 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:22:18.0593 4256 MpFilter - ok
13:22:18.0593 4256 mraid35x - ok
13:22:18.0609 4256 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:22:18.0671 4256 MRxDAV - ok
13:22:18.0687 4256 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:22:18.0718 4256 MRxSmb - ok
13:22:18.0734 4256 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:22:18.0796 4256 MSDTC - ok
13:22:18.0812 4256 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:22:18.0859 4256 Msfs - ok
13:22:18.0859 4256 MSIServer - ok
13:22:18.0875 4256 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:22:18.0937 4256 MSKSSRV - ok
13:22:18.0968 4256 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:22:18.0968 4256 MsMpSvc - ok
13:22:18.0984 4256 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:22:19.0046 4256 MSPCLOCK - ok
13:22:19.0046 4256 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:22:19.0109 4256 MSPQM - ok
13:22:19.0125 4256 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:22:19.0171 4256 mssmbios - ok
13:22:19.0203 4256 MSSQL$ECC - ok
13:22:19.0218 4256 MSSQL$SHIPWORKS - ok
13:22:19.0234 4256 MSSQL$UPSWSDBSERVER - ok
13:22:19.0265 4256 [ 1d89eb4e2a99cabd4e81225f4f4c4b25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:22:19.0265 4256 MSSQLServerADHelper - ok
13:22:19.0312 4256 [ 8e8e74c953eb0c4f8828d99d6f27fd6f ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:22:19.0312 4256 MSSQLServerADHelper100 - ok
13:22:19.0390 4256 [ 73fa09b84b23a1897809a84f976d5d99 ] msvsmon80 C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
13:22:19.0468 4256 msvsmon80 - ok
13:22:19.0484 4256 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:22:19.0515 4256 Mup - ok
13:22:19.0531 4256 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:22:19.0609 4256 napagent - ok
13:22:19.0625 4256 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:22:19.0687 4256 NDIS - ok
13:22:19.0703 4256 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:22:19.0703 4256 NdisTapi - ok
13:22:19.0718 4256 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:22:19.0781 4256 Ndisuio - ok
13:22:19.0796 4256 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:22:19.0859 4256 NdisWan - ok
13:22:19.0859 4256 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:22:19.0890 4256 NDProxy - ok
13:22:19.0937 4256 [ b90e093e7a7250906f1054418b5339c0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:22:19.0953 4256 Nero BackItUp Scheduler 4.0 - ok
13:22:19.0968 4256 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:22:20.0031 4256 NetBIOS - ok
13:22:20.0046 4256 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:22:20.0109 4256 NetBT - ok
13:22:20.0125 4256 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
13:22:20.0187 4256 NetDDE - ok
13:22:20.0187 4256 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:22:20.0250 4256 NetDDEdsdm - ok
13:22:20.0265 4256 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:22:20.0328 4256 Netlogon - ok
13:22:20.0343 4256 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
13:22:20.0390 4256 Netman - ok
13:22:20.0406 4256 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:22:20.0421 4256 NetTcpPortSharing - ok
13:22:20.0437 4256 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:22:20.0468 4256 Nla - ok
13:22:20.0468 4256 NPF - ok
13:22:20.0484 4256 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:22:20.0546 4256 Npfs - ok
13:22:20.0546 4256 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:22:20.0609 4256 Ntfs - ok
13:22:20.0625 4256 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:22:20.0671 4256 NtLmSsp - ok
13:22:20.0687 4256 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:22:20.0750 4256 NtmsSvc - ok
13:22:20.0765 4256 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
13:22:20.0828 4256 Null - ok
13:22:20.0828 4256 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:22:20.0890 4256 NwlnkFlt - ok
13:22:20.0906 4256 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:22:20.0968 4256 NwlnkFwd - ok
13:22:21.0015 4256 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:22:21.0031 4256 odserv - ok
13:22:21.0062 4256 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:22:21.0062 4256 ose - ok
13:22:21.0078 4256 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:22:21.0140 4256 Parport - ok
13:22:21.0140 4256 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:22:21.0203 4256 PartMgr - ok
13:22:21.0218 4256 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:22:21.0281 4256 ParVdm - ok
13:22:21.0296 4256 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:22:21.0359 4256 PCI - ok
13:22:21.0359 4256 PCIDump - ok
13:22:21.0375 4256 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:22:21.0437 4256 PCIIde - ok
13:22:21.0453 4256 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:22:21.0515 4256 Pcmcia - ok
13:22:21.0515 4256 PDCOMP - ok
13:22:21.0531 4256 PDFRAME - ok
13:22:21.0531 4256 PDRELI - ok
13:22:21.0546 4256 PDRFRAME - ok
13:22:21.0546 4256 perc2 - ok
13:22:21.0562 4256 perc2hib - ok
13:22:21.0593 4256 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:22:21.0609 4256 PlugPlay - ok
13:22:21.0609 4256 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:22:21.0671 4256 PolicyAgent - ok
13:22:21.0671 4256 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:22:21.0718 4256 PptpMiniport - ok
13:22:21.0734 4256 [ a32bebaf723557681bfc6bd93e98bd26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:22:21.0781 4256 Processor - ok
13:22:21.0781 4256 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:22:21.0843 4256 ProtectedStorage - ok
13:22:21.0859 4256 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:22:21.0906 4256 PSched - ok
13:22:21.0921 4256 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:22:22.0000 4256 Ptilink - ok
13:22:22.0031 4256 [ 27e26a7dbc17860630ce5065019c348f ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
13:22:22.0031 4256 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
13:22:22.0031 4256 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
13:22:22.0046 4256 [ 6bee1814470dc12fa20c53dfc3c97ebb ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
13:22:22.0046 4256 QBFCService ( UnsignedFile.Multi.Generic ) - warning
13:22:22.0046 4256 QBFCService - detected UnsignedFile.Multi.Generic (1)
13:22:22.0078 4256 [ 78afb70dbe365bd6140e6740792ac3ea ] QBVSS C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
13:22:22.0109 4256 QBVSS ( UnsignedFile.Multi.Generic ) - warning
13:22:22.0109 4256 QBVSS - detected UnsignedFile.Multi.Generic (1)
13:22:22.0109 4256 ql1080 - ok
13:22:22.0109 4256 Ql10wnt - ok
13:22:22.0125 4256 ql12160 - ok
13:22:22.0125 4256 ql1240 - ok
13:22:22.0140 4256 ql1280 - ok
13:22:22.0140 4256 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:22:22.0218 4256 RasAcd - ok
13:22:22.0234 4256 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:22:22.0296 4256 RasAuto - ok
13:22:22.0296 4256 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:22:22.0359 4256 Rasl2tp - ok
13:22:22.0375 4256 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:22:22.0437 4256 RasMan - ok
13:22:22.0437 4256 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:22:22.0500 4256 RasPppoe - ok
13:22:22.0500 4256 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:22:22.0578 4256 Raspti - ok
13:22:22.0593 4256 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:22:22.0640 4256 Rdbss - ok
13:22:22.0656 4256 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:22:22.0734 4256 RDPCDD - ok
13:22:22.0734 4256 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:22:22.0796 4256 rdpdr - ok
13:22:22.0828 4256 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:22:22.0859 4256 RDPWD - ok
13:22:22.0875 4256 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:22:22.0937 4256 RDSessMgr - ok
13:22:22.0937 4256 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:22:23.0000 4256 redbook - ok
13:22:23.0015 4256 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:22:23.0062 4256 RemoteAccess - ok
13:22:23.0093 4256 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:22:23.0156 4256 RemoteRegistry - ok
13:22:23.0156 4256 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
13:22:23.0218 4256 RpcLocator - ok
13:22:23.0218 4256 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:22:23.0250 4256 RpcSs - ok
13:22:23.0265 4256 [ a95840a95a9ff74b0009e5d848cddb39 ] RsFx0150 C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
13:22:23.0281 4256 RsFx0150 - ok
13:22:23.0296 4256 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:22:23.0359 4256 RSVP - ok
13:22:23.0375 4256 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:22:23.0421 4256 SamSs - ok
13:22:23.0421 4256 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:22:23.0484 4256 SCardSvr - ok
13:22:23.0515 4256 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:22:23.0562 4256 Schedule - ok
13:22:23.0578 4256 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:22:23.0640 4256 Secdrv - ok
13:22:23.0656 4256 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:22:23.0718 4256 seclogon - ok
13:22:23.0734 4256 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
13:22:23.0796 4256 SENS - ok
13:22:23.0812 4256 [ aebba7428a6c40cce3c5abde45190b24 ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
13:22:23.0812 4256 Sentinel ( UnsignedFile.Multi.Generic ) - warning
13:22:23.0812 4256 Sentinel - detected UnsignedFile.Multi.Generic (1)
13:22:23.0828 4256 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:22:23.0890 4256 serenum - ok
13:22:23.0906 4256 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:22:23.0968 4256 Serial - ok
13:22:24.0000 4256 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:22:24.0062 4256 Sfloppy - ok
13:22:24.0078 4256 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:22:24.0156 4256 SharedAccess - ok
13:22:24.0156 4256 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:22:24.0171 4256 ShellHWDetection - ok
13:22:24.0171 4256 Simbad - ok
13:22:24.0250 4256 [ 0f97e7a47a52f4a36969f0fc319654c2 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:22:24.0328 4256 Skype C2C Service - ok
13:22:24.0343 4256 [ ea396139541706b4b433641d62ea53ce ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:22:24.0343 4256 SkypeUpdate - ok
13:22:24.0375 4256 [ 1bc68a9a70f92d5effbf0700ae2d7432 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
13:22:24.0375 4256 snapman - ok
13:22:24.0390 4256 [ a1ff7d99b199cea1f3df371ba70d2780 ] Sntnlusb C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
13:22:24.0406 4256 Sntnlusb - ok
13:22:24.0406 4256 Sparrow - ok
13:22:24.0421 4256 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:22:24.0468 4256 splitter - ok
13:22:24.0500 4256 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:22:24.0515 4256 Spooler - ok
13:22:24.0531 4256 [ 37761f6be2ebaed72cc0d43bd4c8c2a6 ] SQLAgent$SHIPWORKS C:\Program Files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE
13:22:24.0546 4256 SQLAgent$SHIPWORKS - ok
13:22:24.0562 4256 SQLAgent$UPSWSDBSERVER - ok
13:22:24.0578 4256 [ 7d67c07c63796775cc5492bcfeaff125 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:22:24.0578 4256 SQLBrowser - ok
13:22:24.0593 4256 [ 8e6e5cfa06769a417b03fd6faa29e010 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:22:24.0593 4256 SQLWriter - ok
13:22:24.0609 4256 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:22:24.0671 4256 sr - ok
13:22:24.0687 4256 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:22:24.0750 4256 srservice - ok
13:22:24.0765 4256 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:22:24.0781 4256 Srv - ok
13:22:24.0796 4256 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:22:24.0859 4256 SSDPSRV - ok
13:22:24.0859 4256 [ a9573045baa16eab9b1085205b82f1ed ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
13:22:24.0921 4256 StillCam - ok
13:22:24.0953 4256 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:22:25.0015 4256 stisvc - ok
13:22:25.0031 4256 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:22:25.0078 4256 swenum - ok
13:22:25.0093 4256 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:22:25.0156 4256 swmidi - ok
13:22:25.0156 4256 SwPrv - ok
13:22:25.0156 4256 symc810 - ok
13:22:25.0171 4256 symc8xx - ok
13:22:25.0171 4256 sym_hi - ok
13:22:25.0187 4256 sym_u3 - ok
13:22:25.0312 4256 [ caaeb44422474ed5c13d988ae7ca4a1c ] syncagentsrv C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
13:22:25.0453 4256 syncagentsrv - ok
13:22:25.0453 4256 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:22:25.0515 4256 sysaudio - ok
13:22:25.0515 4256 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:22:25.0578 4256 SysmonLog - ok
13:22:25.0593 4256 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:22:25.0640 4256 TapiSrv - ok
13:22:25.0671 4256 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:22:25.0703 4256 Tcpip - ok
13:22:25.0718 4256 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:22:25.0781 4256 TDPIPE - ok
13:22:25.0796 4256 [ e04ab70501b2ad59da3612c175afd5d7 ] tdrpman C:\WINDOWS\system32\DRIVERS\tdrpman.sys
13:22:25.0843 4256 tdrpman - ok
13:22:25.0843 4256 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:22:25.0906 4256 TDTCP - ok
13:22:25.0921 4256 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:22:25.0984 4256 TermDD - ok
13:22:26.0000 4256 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
13:22:26.0062 4256 TermService - ok
13:22:26.0078 4256 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
13:22:26.0078 4256 Themes - ok
13:22:26.0093 4256 [ 4e4ba74565e8300596025fdf8b271cd1 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
13:22:26.0125 4256 timounter - ok
13:22:26.0140 4256 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:22:26.0203 4256 TlntSvr - ok
13:22:26.0203 4256 TosIde - ok
13:22:26.0218 4256 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:22:26.0281 4256 TrkWks - ok
13:22:26.0296 4256 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:22:26.0359 4256 Udfs - ok
13:22:26.0359 4256 ultra - ok
13:22:26.0390 4256 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:22:26.0453 4256 Update - ok
13:22:26.0468 4256 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:22:26.0515 4256 upnphost - ok
13:22:26.0531 4256 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
13:22:26.0593 4256 UPS - ok
13:22:26.0609 4256 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:22:26.0671 4256 usbccgp - ok
13:22:26.0671 4256 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:22:26.0734 4256 usbehci - ok
13:22:26.0734 4256 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:22:26.0796 4256 usbhub - ok
13:22:26.0812 4256 [ 0daecce65366ea32b162f85f07c6753b ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:22:26.0875 4256 usbohci - ok
13:22:26.0890 4256 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:22:26.0953 4256 usbprint - ok
13:22:26.0968 4256 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:22:27.0031 4256 usbscan - ok
13:22:27.0046 4256 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:22:27.0093 4256 USBSTOR - ok
13:22:27.0093 4256 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:22:27.0156 4256 VgaSave - ok
13:22:27.0156 4256 ViaIde - ok
13:22:27.0171 4256 [ 9d71c424898e029e316fa93ad494950e ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
13:22:27.0187 4256 vididr - ok
13:22:27.0203 4256 [ 47ab6ac7635e40f3c55c5a32cc4b86a8 ] vidsflt67 C:\WINDOWS\system32\DRIVERS\vsflt67.sys
13:22:27.0203 4256 vidsflt67 - ok
13:22:27.0218 4256 [ 3b8f222b23917c041e4da29ccc57e7d0 ] vncmirror C:\WINDOWS\system32\DRIVERS\vncmirror.sys
13:22:27.0234 4256 vncmirror - ok
13:22:27.0250 4256 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:22:27.0312 4256 VolSnap - ok
13:22:27.0328 4256 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
13:22:27.0390 4256 VSS - ok
13:22:27.0406 4256 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
13:22:27.0468 4256 W32Time - ok
13:22:27.0468 4256 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:22:27.0531 4256 Wanarp - ok
13:22:27.0531 4256 WDICA - ok
13:22:27.0546 4256 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:22:27.0609 4256 wdmaud - ok
13:22:27.0640 4256 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:22:27.0687 4256 WebClient - ok
13:22:27.0734 4256 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:22:27.0781 4256 winmgmt - ok
13:22:27.0828 4256 [ 18f347402da544a780949b8fdf83351b ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:22:27.0875 4256 WinRM - ok
13:22:27.0921 4256 [ 3f1546b526a8a38f96b19b4e2826d79d ] WinVNC4 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
13:22:27.0953 4256 WinVNC4 - ok
13:22:27.0984 4256 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:22:28.0000 4256 WmdmPmSN - ok
13:22:28.0015 4256 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:22:28.0046 4256 Wmi - ok
13:22:28.0062 4256 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:22:28.0125 4256 WmiApSrv - ok
13:22:28.0156 4256 [ f74e3d9a7fa9556c3bbb14d4e5e63d3b ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:22:28.0203 4256 WMPNetworkSvc - ok
13:22:28.0234 4256 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:22:28.0250 4256 WPFFontCache_v0400 - ok
13:22:28.0281 4256 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:22:28.0343 4256 WS2IFSL - ok
13:22:28.0359 4256 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:22:28.0421 4256 wscsvc - ok
13:22:28.0421 4256 WSearch - ok
13:22:28.0453 4256 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:22:28.0515 4256 wuauserv - ok
13:22:28.0531 4256 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:22:28.0546 4256 WudfPf - ok
13:22:28.0546 4256 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:22:28.0562 4256 WudfRd - ok
13:22:28.0578 4256 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:22:28.0578 4256 WudfSvc - ok
13:22:28.0609 4256 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:22:28.0671 4256 WZCSVC - ok
13:22:28.0687 4256 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:22:28.0750 4256 xmlprov - ok
13:22:28.0765 4256 [ f44f7f71b3c84f8ee96c3bfd3915c25f ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:22:28.0796 4256 yukonwxp - ok
13:22:28.0796 4256 ================ Scan global ===============================
13:22:28.0828 4256 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
13:22:28.0843 4256 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
13:22:28.0843 4256 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
13:22:28.0859 4256 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:22:28.0859 4256 [Global] - ok
13:22:28.0859 4256 ================ Scan MBR ==================================
13:22:28.0859 4256 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:22:29.0000 4256 \Device\Harddisk0\DR0 - ok
13:22:29.0000 4256 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:22:29.0453 4256 \Device\Harddisk1\DR2 - ok
13:22:29.0453 4256 ================ Scan VBR ==================================
13:22:29.0453 4256 Boot (0x1200) (fb630b9762b4f667fba6447786010971) \Device\Harddisk0\DR0\Partition1
13:22:29.0453 4256 \Device\Harddisk0\DR0\Partition1 - ok
13:22:29.0468 4256 Boot (0x1200) (1990d76a76a24699f608948e0f146a49) \Device\Harddisk1\DR2\Partition1
13:22:29.0468 4256 \Device\Harddisk1\DR2\Partition1 - ok
13:22:29.0468 4256 ============================================================
13:22:29.0468 4256 Scan finished
13:22:29.0468 4256 ============================================================
13:22:29.0578 4536 Detected object count: 10
13:22:29.0578 4536 Actual detected object count: 10
13:29:24.0187 4536 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0187 4536 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0187 4536 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0187 4536 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0187 4536 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0187 4536 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0187 4536 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0187 4536 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0187 4536 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0187 4536 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0203 4536 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0203 4536 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0203 4536 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0203 4536 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0203 4536 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0203 4536 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0203 4536 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0203 4536 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:24.0218 4536 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:24.0218 4536 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
  • 0

#10
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: PMC [Admin rights]
Mode: Scan -- Date: 08/17/2012 14:33:26

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1500HLFS-01G6U1 +++++
--- User ---
[MBR] 678fb36e4caf6a8fa71efc20a237f614
[BSP] ca219ac05ebb09a1bc0a122ff425176a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
--- User ---
[MBR] a061607f1b9696b147b1345a19e5e04e
[BSP] 492874cf5d5456c56773ee0158b5126f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

Advertisements


#11
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: PMC [Admin rights]
Mode: Remove -- Date: 08/17/2012 14:34:20

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> NOT REMOVED, USE DNSFIX
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1500HLFS-01G6U1 +++++
--- User ---
[MBR] 678fb36e4caf6a8fa71efc20a237f614
[BSP] ca219ac05ebb09a1bc0a122ff425176a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
--- User ---
[MBR] a061607f1b9696b147b1345a19e5e04e
[BSP] 492874cf5d5456c56773ee0158b5126f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#12
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: PMC [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/17/2012 14:36:43

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 31 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 219 / Fail 0
My documents: Success 2 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1039 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk2\DP(1)0-0+5 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the system now ?
  • 0

#14
skrlin182

skrlin182

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
better, i can update and firewall is on
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you happy for me to remove my tools ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP