
Trojan Ransom - West Yorkshire Police Warning



#1
Steviep

My friend has had a problem with their laptop becoming infected by the above. I am logged in in Safe Mode and have run Malwarebytes, and it found 4 entries which I deleted; however, when I restarted the laptop in normal mode the virus returned. I wonder if someone could assist with this. Here are the OTL logs and Malwarebytes:


OTL logfile created on: 8/29/2012 11:08:11 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\darjas\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 79.22% Memory free
7.60 Gb Paging File | 6.88 Gb Available in Paging File | 90.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.99 Gb Total Space | 376.56 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive D: | 21.47 Gb Total Space | 3.13 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 90.25 Mb Free Space | 91.14% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: darjas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 23:05:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\darjas\Desktop\OTL (1).exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/03/20 16:37:40 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/20 16:37:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/01/22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/18 23:04:08 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2010/01/06 09:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/12/30 20:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/12/29 22:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/16 22:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2012/08/24 15:22:17 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/05/01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/24 17:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/09 00:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/06 08:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/20 16:37:41 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/10 00:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/30 04:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 17:08:28 | 008,034,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/01/22 17:08:28 | 008,034,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/11 23:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/28 02:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/22 10:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\FantastiGames\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{F2A368A9-2DE8-4206-B5F5-B39E310AFD1F}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{F2A368A9-2DE8-4206-B5F5-B39E310AFD1F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\darjas\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\darjas\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/06/08 10:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2012/06/16 21:39:16 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\darjas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\darjas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\darjas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\darjas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S9BB2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\darjas\AppData\Local\Microsoft\Windows\4764\TapiMigPlugin.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1731402E-4112-40EA-8168-FA80DAA42FAB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C00623A-E68A-48C5-810A-695DCD7152A7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 23:05:41 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\darjas\Desktop\OTL (1).exe
[2012/08/29 22:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/29 22:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/29 22:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/29 22:40:14 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\hellomoto
[2012/08/29 19:51:04 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\Malwarebytes
[2012/08/29 19:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/29 19:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/29 19:50:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/29 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/26 13:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/08/26 13:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/08/19 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\darjas\Documents\UK Truck Simulator
[2012/08/19 19:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK Truck Simulator
[2012/08/19 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UK Truck Simulator
[2012/08/15 18:29:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 18:29:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 18:29:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 18:29:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 18:29:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 18:29:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 18:29:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 18:29:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 18:29:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 18:29:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 18:29:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 18:29:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 18:29:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 07:31:49 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 07:31:44 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 07:31:44 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 07:31:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 07:31:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 07:31:17 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 07:31:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 07:31:15 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 07:17:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/02 19:03:08 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\ViquaSoft
[2012/08/02 18:53:03 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012/08/02 18:52:59 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2012/08/02 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FantastiGames
[2012/08/02 18:52:56 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2012/08/02 18:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FantastiGames
[2012/08/02 18:49:54 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\vlc
[2012/08/02 18:49:29 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Local\Ilivid Player
[2012/08/02 18:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2012/08/02 18:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
[2012/08/02 18:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

========== Files - Modified Within 30 Days ==========

[2012/08/29 23:05:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\darjas\Desktop\OTL (1).exe
[2012/08/29 22:49:26 | 000,001,282 | ---- | M] () -- C:\Users\darjas\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/29 22:49:26 | 000,001,258 | ---- | M] () -- C:\Users\darjas\Desktop\Spybot - Search & Destroy.lnk
[2012/08/29 22:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/29 22:46:20 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/29 22:45:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 22:45:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 19:50:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 19:49:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-76527413-3281448900-1387326364-1000UA.job
[2012/08/26 15:19:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordarjas.job
[2012/08/26 13:03:44 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/25 23:49:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-76527413-3281448900-1387326364-1000Core.job
[2012/08/22 16:50:27 | 000,002,416 | ---- | M] () -- C:\Users\darjas\Desktop\Google Chrome.lnk
[2012/08/20 16:06:02 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\UK Truck Simulator.lnk
[2012/08/15 22:02:33 | 000,285,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 07:17:50 | 343,293,596 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/08/29 22:49:26 | 000,001,282 | ---- | C] () -- C:\Users\darjas\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/29 22:49:26 | 000,001,258 | ---- | C] () -- C:\Users\darjas\Desktop\Spybot - Search & Destroy.lnk
[2012/08/29 19:50:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 13:03:44 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/20 16:06:02 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\UK Truck Simulator.lnk
[2012/08/15 07:17:50 | 343,293,596 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/14 23:24:55 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/29 14:48:49 | 000,001,854 | ---- | C] () -- C:\Users\darjas\AppData\Roaming\GhostObjGAFix.xml
[2010/12/25 17:44:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

< End of report >

OTL Extras logfile created on: 8/29/2012 11:08:11 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\darjas\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 79.22% Memory free
7.60 Gb Paging File | 6.88 Gb Available in Paging File | 90.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.99 Gb Total Space | 376.56 Gb Free Space | 84.81% Space Free | Partition Type: NTFS
Drive D: | 21.47 Gb Total Space | 3.13 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 90.25 Mb Free Space | 91.14% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: darjas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17FD1702-0B02-4678-AFD6-52B1A38B7B89}" = lport=2869 | protocol=6 | dir=in | app=system |
"{327C30F9-7903-4775-8679-3EAC149EDD1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3E76F8-BDE7-467C-AD35-21613EA18644}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0FF2BBED-7482-46F5-BAFE-F75E2A45D879}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{18CFD0C0-1A45-4C46-AB46-DB60C4CE3784}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{1D5F7D7B-6095-4B6A-A6D4-016085229A75}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{241A4F37-29FA-46F7-BA09-025843D30945}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{2D896954-DBC1-4811-8707-425CF0D80D31}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{38825681-6A36-4C1D-BF13-F5D05153BBAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{4104D0CF-0221-4F15-8887-41D72514CEE1}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{4B5AF9B6-901F-44DF-88A9-F0380FCBF9E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qp.exe |
"{4C065E6B-8A1F-4DFB-A9D7-F6203E616065}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{51B12446-8C7F-401D-8510-26F01BDBFC99}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{55CC095A-44C6-4914-9252-EBE0D19D2E0F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{594B18B5-380A-4E2D-A7EA-0C2A4D284713}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{768B5163-CC34-4D3D-8FCE-44B7682B85AA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{7841A1C2-BDDC-4466-AB60-28D7B8AF331C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{7D1BCC52-C8D1-443C-93AE-49E39C5EA24E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9726FFD6-949B-449C-A408-02D5F5D61CA3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
"{9BC18D91-9C4B-4FB0-BF99-FA3D2A9021F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F179D81-DAEA-49DF-91F5-31F620CC8BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{9F82CCF3-21B4-4941-8B05-E6A673067C8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BCFA5FAA-6B5B-4241-A195-5B5D7F5DA981}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BDAB037D-7C7A-4B62-8918-E8F39A77749A}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{C4F7CAFE-DC78-42CF-86B1-FBDB489B5CC0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CE3DBA52-4BD5-444D-966F-2A86AFCBE993}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC3B8747-3B02-481A-9C54-3790F94B9D58}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DE73389F-4CA0-405F-9A69-B21C85461F93}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qpservice.exe |
"{E02A1829-9029-4F16-960D-022F2A71E1AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{E133CB7A-0616-4F36-B3F3-EE070360C733}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{ED4167A2-2591-479A-916E-3B7FB5BBDF4C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{FF6752E4-C6BD-478B-B2AD-475477E6D7E9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{F392F537-2796-46C4-8139-A68106D88FD2}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{FA12771F-622F-4A1D-A539-31CA7A45731C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EC72C7A8-377D-2A55-C6DD-7F78D8FDA75A}" = ccc-utility64
"{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}" = Validity Sensors DDK
"{F20DF0CA-5929-4C26-A501-FDB19FDF0A50}" = HP SimplePass Identity Protection
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F72FC7C5-5D2F-41EC-11DE-FD9F5F6D415A}" = ATI Catalyst Install Manager
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{08C94F9D-EB51-D748-E299-E347A2C14A81}" = PX Profile Update
"{0CD13A6E-02F9-F579-098C-85C97FEFFC50}" = Catalyst Control Center Graphics Full Existing
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{16EB4BD9-9F50-173A-ACE7-F79018319EC9}" = CCC Help Chinese Standard
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{188E3023-961F-2760-3A2B-A8226B9FC7BD}" = Catalyst Control Center Graphics Previews Common
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}" = HP User Guides 0176
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = FantastiGames
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{321DC370-3241-F037-05C4-5A675526BDD9}" = CCC Help Czech
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36069430-7A6F-72E6-EF30-CA411132DB56}" = Catalyst Control Center Graphics Light
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{43969854-00A9-264C-B75D-C0C6198DE080}" = CCC Help Turkish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{590A2658-60DD-35A8-1039-73DF201ADDAE}" = CCC Help Japanese
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64697847-F052-3DD7-545A-D738D98EDCB8}" = CCC Help French
"{64F7810B-1007-D5AC-5329-9ED3B58D280A}" = CCC Help Portuguese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{655E1AAC-FD77-AC36-8864-5084D321708F}" = CCC Help Thai
"{6ACF87EE-0C55-43DB-8861-84EC53EF3841}" = Catalyst Control Center Graphics Previews Vista
"{6BE14C99-7BA6-9BAF-556B-0EF9620326DB}" = CCC Help Italian
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B23F3F-FEE2-F533-92BA-900EC9D17FF1}" = CCC Help Spanish
"{7F4BC97F-4203-8544-F472-0A04B7694FE3}" = Catalyst Control Center Localization All
"{80DD44E8-3624-AAF2-9605-CE06299DC44E}" = CCC Help Finnish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{845B064A-E1E3-9427-9724-983C06BF3D54}" = CCC Help Danish
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0D6DC7-5B6D-3FA5-9634-17393849CD07}" = CCC Help Korean
"{8C69826D-0EEE-5786-7D26-30D238758174}" = CCC Help Chinese Traditional
"{8F0D054F-BE75-8AE7-33F0-B66A7A5732DC}" = CCC Help Dutch
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A05F9E5-B7CF-FAA4-27BF-1AB02B810C17}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABB092F-47B1-A5FE-A565-5F0B02E0370F}" = CCC Help German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{B9F4E4D8-19E3-12F7-ED3C-BD44D201B780}" = CCC Help Norwegian
"{BB553EAD-4EEC-C92E-41E3-64BFF5114635}" = CCC Help Greek
"{BDDDF6F6-7EC9-5921-98BA-83E5D727846E}" = CCC Help English
"{C1A0D5F7-02F3-4D95-872A-0E56CF968DC6}" = Catalyst Control Center - Branding
"{C371EF5D-ADA8-568F-2157-A61D266BE5E3}" = CCC Help Polish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBC09103-563D-87E6-FADA-BEDF944615D7}" = CCC Help Swedish
"{CC7553CB-AB4E-5BCA-DC44-54D823B83E60}" = Catalyst Control Center InstallProxy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D89272DE-CF29-8D5C-B01A-410F06E2E903}" = ccc-core-static
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EA407008-B75B-B657-0B1C-7D3394783D2A}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FBAFC032-87CF-7E5C-827D-E3BF924B1770}" = Catalyst Control Center Graphics Full New
"{FCCAFC12-0033-C4AA-A322-D086EAC3BE80}" = CCC Help Russian
"{FEC7B56F-A010-4866-809E-F5082CF5BB8C}" = HP ENVY Document Card Utilities
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bus Driver" = Bus Driver
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series Manual" = EPSON SX218 Series Manual
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Searchqu Toolbar" = Searchqu Toolbar
"Steam App 24010" = Train Simulator 2012
"Steam App 39800" = Nation Red
"Trucks & Trailers" = Trucks & Trailers 1.00
"UK Truck Simulator" = UK Truck Simulator 1.02
"Veetle TV" = Veetle TV
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082439" = Bus Driver
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082463" = Zuma's Revenge
"WT083484" = Escape Rosecliff Island
"WT083492" = Agatha Christie - Death on the Nile
"WTA-7238312e-b737-45d8-8ea9-5adc6c91aacf" = Airport Mania
"WTA-9d8058ae-3885-4c4f-91db-a96904839e4f" = Big City Adventure - Sydney

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2012 10:04:21 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 10:04:21 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 10:04:21 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 10:04:21 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 10:04:21 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 10:04:24 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 10:04:26 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 10:04:26 AM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 2:25:46 PM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/29/2012 5:10:13 PM | Computer Name = hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 4/3/2011 10:12:17 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041103031215.xml
File not created by asset agent

Error - 7/29/2011 9:48:49 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071129024841.xml
File not created by asset agent

Error - 8/29/2011 1:52:44 PM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081129065242.xml
File not created by asset agent

Error - 9/11/2011 10:27:24 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091111032722.xml
File not created by asset agent

Error - 10/23/2011 9:42:49 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101123024247.xml
File not created by asset agent

Error - 1/15/2012 6:32:01 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011215103157.xml
File not created by asset agent

Error - 8/28/2012 2:35:49 PM | Computer Name = hp | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 8/28/2012 2:35:59 PM | Computer Name = hp | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 40 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 8/29/2012 5:42:36 PM | Computer Name = hp | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 40 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ HP Wireless Assistant Events ]
Error - 8/5/2012 6:20:12 PM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/5/2012 7:11:48 PM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 4:00:10 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 6:28:51 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 10:28:38 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 11:14:38 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 6:38:59 PM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 4:02:54 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 8:52:04 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 9:53:37 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ System Events ]
Error - 8/29/2012 5:25:43 PM | Computer Name = hp | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/29/2012 5:25:43 PM | Computer Name = hp | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/29/2012 5:38:34 PM | Computer Name = hp | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/29/2012 5:46:33 PM | Computer Name = hp | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068

Error - 8/29/2012 5:46:36 PM | Computer Name = hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache DVMIO spldr Wanarpv6

Error - 8/29/2012 5:46:43 PM | Computer Name = hp | Source = DCOM | ID = 10005
Description =

Error - 8/29/2012 5:46:51 PM | Computer Name = hp | Source = DCOM | ID = 10005
Description =

Error - 8/29/2012 5:46:51 PM | Computer Name = hp | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll
Error
Code: 21

Error - 8/29/2012 5:46:53 PM | Computer Name = hp | Source = DCOM | ID = 10005
Description =

Error - 8/29/2012 5:46:53 PM | Computer Name = hp | Source = DCOM | ID = 10005
Description =


< End of report >

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.09

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
darjas :: HP [administrator]

Protection: Disabled

29/08/2012 23:19:00
mbam-log-2012-08-29 (23-19-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226296
Time elapsed: 14 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\darjas\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\darjas\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\darjas\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer


Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\darjas\AppData\Local\Microsoft\Windows\4764\TapiMigPlugin.exe ()
O4 - HKCU..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S9BB2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O33 - MountPoints2\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
[2012/08/02 19:03:08 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\ViquaSoft
[2012/08/02 18:53:03 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012/08/02 18:52:59 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2012/08/02 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FantastiGames
[2012/08/02 18:49:54 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\vlc
[2012/08/02 18:49:29 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Local\Ilivid Player
[2012/08/02 18:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2012/08/02 18:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
[2012/08/02 18:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

:files
C:\Users\darjas\AppData\Local\Microsoft\Windows\4764
C:\Users\darjas\AppData\Roaming\hellomoto
C:\Program Files (x86)\Searchqu Toolbar
C:\Program Files (x86)\FantastiGames
sc delete X5XSEx /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right-clicking on the winsock2.reg and Merge, then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\082232012-some number.log.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time, before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0
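
The event-log collection step in the post above (System and Application, Error and Warning, newest 20 events) can also be done with the built-in Get-WinEvent cmdlet. This is an added example, not part of the original post or of the VEW tool; the function name and the output file name are hypothetical.

```powershell
# Added example: pull the newest Error/Warning events from the System and
# Application logs, using the same settings the post gives for VEW.
function Get-RecentProblemEvents {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Count = 20            # same figure as the 'Number of events' box
    )

    foreach ($log in $LogName) {
        try {
            # Level 2 = Error, Level 3 = Warning
            Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } `
                         -MaxEvents $Count -ErrorAction Stop |
                Select-Object @{ Name = 'Log'; Expression = { $log } },
                              TimeCreated, LevelDisplayName, ProviderName, Id, Message
        }
        catch {
            # Get-WinEvent raises an error instead of returning nothing when no
            # event matches, which is expected right after the logs were cleared.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                Write-Warning "No Error or Warning events in the $log log."
            }
            else {
                throw
            }
        }
    }
}

# Hypothetical output location; run from an elevated PowerShell prompt.
$report = Join-Path $env:USERPROFILE 'Desktop\EventReport.txt'
Get-RecentProblemEvents | Format-List | Out-File -FilePath $report -Encoding UTF8
```

Because the logs are cleared before the reboot, everything in the report dates from the current boot, so a recurring Error from the same provider is worth reading first.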

#3
Steviep


    Member

  • Topic Starter
  • Member
  • 311 posts
Thanks for the reply Ron. I'm at work now and won't be able to try this until around 6.30pm; however, can I ask: when the computer reboots, should I press F8 to put it into safe mode, because whenever it starts normally I get the Police warning screen?
  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
I think I got the bug with the OTL script, so you should be able to go into regular mode. If not, then reboot and go into Safe Mode with Networking.
  • 0

#5
Steviep


    Member

  • Topic Starter
  • Member
  • 311 posts
Hi Ron, no more warning screens, so thank you. Here are the logs:

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully.
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
File C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)O4 - HKCU..\Run: [TapiMigPlugin] O4 - O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\darjas\AppData\Local\Microsoft\Windows\4764\TapiMigPlugin.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON SX218 Series deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.
C:\Program Files (x86)\FantastiGames\GPlayer.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {6A060448-60F9-11D5-A6CD-0002B31F7455}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9fd6227-1002-11e0-8cdc-806e6f6e6963}\ not found.
File F:\autorun.exe not found.
C:\Users\darjas\AppData\Roaming\ViquaSoft\First Class Flurry folder moved successfully.
C:\Users\darjas\AppData\Roaming\ViquaSoft folder moved successfully.
C:\Users\darjas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\First Class Flurry folder moved successfully.
C:\Users\darjas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\7 Wonders II folder moved successfully.
C:\Users\darjas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games folder moved successfully.
C:\Remote Programs\Unlikely Suspects\PredictLog folder moved successfully.
C:\Remote Programs\Unlikely Suspects\Default\GPlrLanc folder moved successfully.
C:\Remote Programs\Unlikely Suspects\Default\GameInfo folder moved successfully.
C:\Remote Programs\Unlikely Suspects\Default folder moved successfully.
C:\Remote Programs\Unlikely Suspects folder moved successfully.
C:\Remote Programs\Treasures of Montezuma\PredictLog folder moved successfully.
C:\Remote Programs\Treasures of Montezuma\Default\GPlrLanc folder moved successfully.
C:\Remote Programs\Treasures of Montezuma\Default\GameInfo folder moved successfully.
C:\Remote Programs\Treasures of Montezuma\Default folder moved successfully.
C:\Remote Programs\Treasures of Montezuma folder moved successfully.
C:\Remote Programs\Roads of Rome\PredictLog folder moved successfully.
C:\Remote Programs\Roads of Rome\Default\GPlrLanc folder moved successfully.
C:\Remote Programs\Roads of Rome\Default\GameInfo folder moved successfully.
C:\Remote Programs\Roads of Rome\Default folder moved successfully.
C:\Remote Programs\Roads of Rome folder moved successfully.
C:\Remote Programs\First Class Flurry\PredictLog folder moved successfully.
C:\Remote Programs\First Class Flurry\Ini folder moved successfully.
C:\Remote Programs\First Class Flurry\Default\GPlrLanc folder moved successfully.
C:\Remote Programs\First Class Flurry\Default\GameInfo folder moved successfully.
C:\Remote Programs\First Class Flurry\Default folder moved successfully.
C:\Remote Programs\First Class Flurry folder moved successfully.
C:\Remote Programs\7 Wonders 2\PredictLog folder moved successfully.
C:\Remote Programs\7 Wonders 2\Default\GPlrLanc folder moved successfully.
C:\Remote Programs\7 Wonders 2\Default\GameInfo folder moved successfully.
C:\Remote Programs\7 Wonders 2\Default folder moved successfully.
C:\Remote Programs\7 Wonders 2 folder moved successfully.
C:\Remote Programs folder moved successfully.
C:\ProgramData\FantastiGames folder moved successfully.
C:\Users\darjas\AppData\Roaming\vlc folder moved successfully.
C:\Users\darjas\AppData\Local\Ilivid Player folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\skins\fonts folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\skins folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\sdk\lib\pkgconfig folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\sdk\lib folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\sdk\include\vlc\plugins folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\sdk\include\vlc folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\sdk\include folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\sdk folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\plugins folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\osdmenu\default\volume folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\osdmenu\default\selection folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\osdmenu\default\selected folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\osdmenu\default folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\osdmenu folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\NSIS folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\mozilla folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\sd folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\playlist folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\modules folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\meta\reader folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\meta\fetcher folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\meta\art folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\meta folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\intf\modules folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\intf folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\http\requests folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\http\js folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\http\images folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\http\dialogs folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\http folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua\extensions folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\lua folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\zu\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\zu folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\zh_TW\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\zh_TW folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\zh_CN\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\zh_CN folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\wa\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\wa folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\vi\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\vi folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\uk\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\uk folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\tr\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\tr folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\tl\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\tl folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\th\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\th folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\tet\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\tet folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ta\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ta folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sv\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sv folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sr\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sr folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sq\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sq folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sl\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sl folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sk\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\sk folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\si\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\si folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ru\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ru folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ro\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ro folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\qt4 folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pt_PT\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pt_PT folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pt_BR\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pt_BR folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ps\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ps folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pl\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pl folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pa\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\pa folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\oc\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\oc folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\nn\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\nn folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\nl\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\nl folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ne\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ne folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\nb\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\nb folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\my\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\my folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ms\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ms folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\mn\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\mn folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ml\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ml folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\mk\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\mk folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\lv\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\lv folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\lt\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\lt folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\lg\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\lg folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ko\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ko folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\km\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\km folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\kk\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\kk folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ka\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ka folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ja\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ja folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\it\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\it folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\is\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\is folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\id\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\id folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hy\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hy folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hu\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hu folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hr\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hr folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hi\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\hi folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\he\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\he folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\gl\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\gl folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ga\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ga folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fur\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fur folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fr\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fr folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fi\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fi folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ff\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ff folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fa\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\fa folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\eu\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\eu folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\et\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\et folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\es\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\es folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\en_GB\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\en_GB folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\el\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\el folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\de\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\de folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\da\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\da folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\cs\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\cs folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\co\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\co folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ckb\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ckb folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\cgg\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\cgg folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ca\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ca folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\br\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\br folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\bn\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\bn folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\bg\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\bg folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\be\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\be folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ast\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ast folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ar\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ar folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\am\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\am folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\af\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\af folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ach\LC_MESSAGES folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale\ach folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\locale folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\languages folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\http\requests folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\http\js folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\http\images folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\http\dialogs folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\http folder moved successfully.
C:\Program Files (x86)\iLivid\VLC\activex folder moved successfully.
C:\Program Files (x86)\iLivid\VLC folder moved successfully.
C:\Program Files (x86)\iLivid\imageformats folder moved successfully.
C:\Program Files (x86)\iLivid\fantastic folder moved successfully.
C:\Program Files (x86)\iLivid folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Searchqu Toolbar folder moved successfully.
C:\ProgramData\boost_interprocess\59B2B598D270CD01 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
========== FILES ==========
C:\Users\darjas\AppData\Local\Microsoft\Windows\4764 folder moved successfully.
C:\Users\darjas\AppData\Roaming\hellomoto folder moved successfully.
File\Folder C:\Program Files (x86)\Searchqu Toolbar not found.
C:\Program Files (x86)\FantastiGames\Upgrades folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\sound folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\Popups\1 folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\Popups folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\NIBmps folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\mask folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\Langs\0409 folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\Langs folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\icon folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\sound folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\pl folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\js\YUI folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\js\skin_events folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\js folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\img\skinUI folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\img\preRoll folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\img\masks folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\img\dialogBox folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\img\btn folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\img folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider\css folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Provider folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Exent\gplayer folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Exent\classes\gmt folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Exent\classes folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin\Exent folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html\Skin folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\html folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\GameInfoDefault folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005\dat folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins\000005 folder moved successfully.
C:\Program Files (x86)\FantastiGames\Skins folder moved successfully.
C:\Program Files (x86)\FantastiGames\Licenses folder moved successfully.
C:\Program Files (x86)\FantastiGames\Info folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL\8000500\resources\js folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL\8000500\resources\img\DialogWindow folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL\8000500\resources\img folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL\8000500\resources\css folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL\8000500\resources folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL\8000500 folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL\2000120 folder moved successfully.
C:\Program Files (x86)\FantastiGames\IGL folder moved successfully.
C:\Program Files (x86)\FantastiGames folder moved successfully.
< sc delete X5XSEx /c >
[SC] DeleteService SUCCESS
C:\Users\darjas\Desktop\cmd.bat deleted successfully.
C:\Users\darjas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: darjas
->Flash cache emptied: 1293 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: darjas
->Java cache emptied: 60283 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 08302012_182549


ComboFix 12-08-29.04 - darjas 30/08/2012 19:34:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3894.2135 [GMT 1:00]
Running from: c:\users\darjas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\darjas\AppData\Local\Microsoft\Windows\4764\TapiMigPlugin.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 18:51 . 2012-08-30 18:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20497924-4809-4F4D-9771-D70CADDD17E2}\offreg.dll
2012-08-30 18:51 . 2012-08-30 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-30 18:02 . 2012-08-30 18:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-30 18:02 . 2012-08-30 18:01 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-30 18:02 . 2012-08-30 18:01 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 18:01 . 2012-08-30 18:01 -------- d-----w- c:\program files (x86)\Java
2012-08-30 17:25 . 2012-08-30 17:25 -------- d-----w- C:\_OTL
2012-08-29 21:49 . 2012-08-29 21:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-29 21:49 . 2012-08-29 21:50 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-29 21:45 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20497924-4809-4F4D-9771-D70CADDD17E2}\mpengine.dll
2012-08-29 18:51 . 2012-08-29 18:51 -------- d-----w- c:\users\darjas\AppData\Roaming\Malwarebytes
2012-08-29 18:50 . 2012-08-29 18:50 -------- d-----w- c:\programdata\Malwarebytes
2012-08-29 18:50 . 2012-08-29 18:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-29 18:50 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-26 12:02 . 2012-08-26 12:02 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-08-19 18:41 . 2012-08-19 18:41 -------- d-----w- c:\program files (x86)\UK Truck Simulator
2012-08-15 17:30 . 2012-07-06 19:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 06:31 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 06:31 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 06:31 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 06:31 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 06:31 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
2012-08-15 06:31 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 06:31 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 06:31 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 06:31 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 06:31 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 06:31 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 06:31 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
2012-08-02 17:52 . 2012-03-21 16:12 53314 ------w- c:\windows\ExentInfo.exe
2012-08-02 17:52 . 2002-07-25 01:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-08-02 17:52 . 2001-09-06 14:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-08-02 17:52 . 2001-09-05 21:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-08-02 17:52 . 2001-09-05 21:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-08-02 17:52 . 2001-09-05 21:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 05:30 . 2012-07-11 07:18 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 07:18 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 07:18 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 07:18 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 07:18 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-22 16:12 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 16:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 16:12 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 16:12 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 16:12 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 16:12 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 16:12 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 16:12 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 16:12 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-11 07:18 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 07:18 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 07:18 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 07:18 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 07:18 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 07:18 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 07:18 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 07:18 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 07:18 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-13 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-03-20 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-01-22 8034368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76527413-3281448900-1387326364-1000Core.job
- c:\users\darjas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 20:03]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76527413-3281448900-1387326364-1000UA.job
- c:\users\darjas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 20:03]
.
2012-08-26 c:\windows\Tasks\HPCeeScheduleFordarjas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-22 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-22 410136]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-18 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-20 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-TapiMigPlugin - c:\users\darjas\AppData\Local\Microsoft\Windows\4764\TapiMigPlugin.exe
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\FantastiGames\GPlayer.exe
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-iLivid - c:\program files (x86)\iLivid\uninstall.exe
AddRemove-Searchqu Toolbar - c:\program files (x86)\Searchqu Toolbar\uninstall.exe
AddRemove-{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} - c:\program files (x86)\FantastiGames\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-30 20:11:26
ComboFix-quarantined-files.txt 2012-08-30 19:11
.
Pre-Run: 404,072,845,312 bytes free
Post-Run: 407,030,358,016 bytes free
.
- - End Of File - - B52F5926014919CBFC7A021EE0D6472B


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 19:07:52
-----------------------------
19:07:52.045 OS Version: Windows x64 6.1.7600
19:07:52.045 Number of processors: 4 586 0x2502
19:07:52.045 ComputerName: HP UserName:
19:07:53.028 Initialize success
19:08:19.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:08:19.682 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
19:08:19.698 Disk 0 MBR read successfully
19:08:19.698 Disk 0 MBR scan
19:08:19.698 Disk 0 unknown MBR code
19:08:19.713 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:08:19.729 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454648 MB offset 409600
19:08:19.760 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21988 MB offset 931528704
19:08:19.776 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:08:19.822 Disk 0 scanning C:\Windows\system32\drivers
19:08:26.390 Service scanning
19:08:40.570 Modules scanning
19:08:40.586 Scan finished successfully
19:08:55.422 Disk 0 MBR has been saved successfully to "C:\Users\darjas\Desktop\MBR.dat"
19:08:55.453 The log file has been saved successfully to "C:\Users\darjas\Desktop\aswMBR.txt"



20:15:25.0894 4816 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:15:26.0018 4816 ============================================================
20:15:26.0018 4816 Current date / time: 2012/08/30 20:15:26.0018
20:15:26.0018 4816 SystemInfo:
20:15:26.0018 4816
20:15:26.0018 4816 OS Version: 6.1.7600 ServicePack: 0.0
20:15:26.0018 4816 Product type: Workstation
20:15:26.0018 4816 ComputerName: HP
20:15:26.0018 4816 UserName: darjas
20:15:26.0018 4816 Windows directory: C:\Windows
20:15:26.0018 4816 System windows directory: C:\Windows
20:15:26.0018 4816 Running under WOW64
20:15:26.0018 4816 Processor architecture: Intel x64
20:15:26.0018 4816 Number of processors: 4
20:15:26.0018 4816 Page size: 0x1000
20:15:26.0018 4816 Boot type: Normal boot
20:15:26.0018 4816 ============================================================
20:15:26.0393 4816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:15:26.0393 4816 ============================================================
20:15:26.0393 4816 \Device\Harddisk0\DR0:
20:15:26.0393 4816 MBR partitions:
20:15:26.0408 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:15:26.0408 4816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x377FC000
20:15:26.0408 4816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37860000, BlocksNum 0x2AF2000
20:15:26.0408 4816 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:15:26.0408 4816 ============================================================
20:15:26.0424 4816 C: <-> \Device\Harddisk0\DR0\Partition2
20:15:26.0471 4816 D: <-> \Device\Harddisk0\DR0\Partition3
20:15:26.0486 4816 E: <-> \Device\Harddisk0\DR0\Partition4
20:15:26.0486 4816 ============================================================
20:15:26.0486 4816 Initialize success
20:15:26.0486 4816 ============================================================
20:15:30.0418 5584 ============================================================
20:15:30.0418 5584 Scan started
20:15:30.0418 5584 Mode: Manual;
20:15:30.0418 5584 ============================================================
20:15:31.0478 5584 ================ Scan system memory ========================
20:15:31.0478 5584 System memory - ok
20:15:31.0494 5584 ================ Scan services =============================
20:15:31.0681 5584 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:15:31.0697 5584 1394ohci - ok
20:15:31.0790 5584 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
20:15:31.0790 5584 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
20:15:31.0822 5584 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
20:15:31.0822 5584 Accelerometer - ok
20:15:31.0868 5584 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
20:15:31.0868 5584 ACPI - ok
20:15:31.0900 5584 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
20:15:31.0900 5584 AcpiPmi - ok
20:15:31.0915 5584 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:15:31.0931 5584 adp94xx - ok
20:15:31.0962 5584 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:15:31.0962 5584 adpahci - ok
20:15:31.0978 5584 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:15:31.0993 5584 adpu320 - ok
20:15:32.0009 5584 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:15:32.0009 5584 AeLookupSvc - ok
20:15:32.0087 5584 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
20:15:32.0087 5584 AESTFilters - ok
20:15:32.0149 5584 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
20:15:32.0149 5584 AFD - ok
20:15:32.0180 5584 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
20:15:32.0180 5584 agp440 - ok
20:15:32.0196 5584 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:15:32.0196 5584 ALG - ok
20:15:32.0227 5584 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
20:15:32.0227 5584 aliide - ok
20:15:32.0258 5584 [ 3D90CF67DB75823A8480E56BBCD2E028 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:15:32.0274 5584 AMD External Events Utility - ok
20:15:32.0290 5584 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
20:15:32.0290 5584 amdide - ok
20:15:32.0305 5584 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:15:32.0305 5584 AmdK8 - ok
20:15:32.0461 5584 [ 52679612D742BF74CA1BA6AB86DDF431 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
20:15:32.0586 5584 amdkmdag - ok
20:15:32.0633 5584 [ 414E0788920A8C856032BE2CBF29F984 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:15:32.0633 5584 amdkmdap - ok
20:15:32.0633 5584 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:15:32.0648 5584 AmdPPM - ok
20:15:32.0664 5584 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:15:32.0664 5584 amdsata - ok
20:15:32.0695 5584 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:15:32.0695 5584 amdsbs - ok
20:15:32.0711 5584 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:15:32.0711 5584 amdxata - ok
20:15:32.0742 5584 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
20:15:32.0742 5584 AppID - ok
20:15:32.0773 5584 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:15:32.0773 5584 AppIDSvc - ok
20:15:32.0789 5584 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
20:15:32.0789 5584 Appinfo - ok
20:15:32.0882 5584 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:15:32.0882 5584 Apple Mobile Device - ok
20:15:32.0929 5584 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:15:32.0929 5584 arc - ok
20:15:32.0945 5584 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:15:32.0945 5584 arcsas - ok
20:15:33.0085 5584 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:15:33.0085 5584 aspnet_state - ok
20:15:33.0116 5584 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:15:33.0132 5584 AsyncMac - ok
20:15:33.0148 5584 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
20:15:33.0148 5584 atapi - ok
20:15:33.0210 5584 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:15:33.0288 5584 athr - ok
20:15:33.0335 5584 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
20:15:33.0335 5584 AtiHdmiService - ok
20:15:33.0382 5584 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:15:33.0413 5584 AudioEndpointBuilder - ok
20:15:33.0428 5584 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:15:33.0428 5584 AudioSrv - ok
20:15:33.0460 5584 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:15:33.0460 5584 AxInstSV - ok
20:15:33.0491 5584 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:15:33.0506 5584 b06bdrv - ok
20:15:33.0522 5584 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:15:33.0538 5584 b57nd60a - ok
20:15:33.0569 5584 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:15:33.0584 5584 BDESVC - ok
20:15:33.0600 5584 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:15:33.0600 5584 Beep - ok
20:15:33.0647 5584 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
20:15:33.0662 5584 BFE - ok
20:15:33.0709 5584 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
20:15:33.0725 5584 BITS - ok
20:15:33.0756 5584 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:15:33.0756 5584 blbdrive - ok
20:15:33.0834 5584 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:15:33.0850 5584 Bonjour Service - ok
20:15:33.0881 5584 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:15:33.0881 5584 bowser - ok
20:15:33.0896 5584 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:15:33.0896 5584 BrFiltLo - ok
20:15:33.0912 5584 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:15:33.0912 5584 BrFiltUp - ok
20:15:33.0928 5584 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:15:33.0928 5584 BridgeMP - ok
20:15:33.0959 5584 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
20:15:33.0959 5584 Browser - ok
20:15:33.0990 5584 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:15:33.0990 5584 Brserid - ok
20:15:34.0006 5584 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:15:34.0006 5584 BrSerWdm - ok
20:15:34.0037 5584 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:15:34.0037 5584 BrUsbMdm - ok
20:15:34.0052 5584 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:15:34.0052 5584 BrUsbSer - ok
20:15:34.0099 5584 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:15:34.0099 5584 BthEnum - ok
20:15:34.0115 5584 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:15:34.0115 5584 BTHMODEM - ok
20:15:34.0146 5584 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:15:34.0146 5584 BthPan - ok
20:15:34.0224 5584 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:15:34.0240 5584 BTHPORT - ok
20:15:34.0286 5584 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:15:34.0286 5584 bthserv - ok
20:15:34.0318 5584 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:15:34.0318 5584 BTHUSB - ok
20:15:34.0349 5584 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
20:15:34.0349 5584 btwaudio - ok
20:15:34.0364 5584 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
20:15:34.0380 5584 btwavdt - ok
20:15:34.0427 5584 [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:15:34.0458 5584 btwdins - ok
20:15:34.0458 5584 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
20:15:34.0474 5584 btwl2cap - ok
20:15:34.0474 5584 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
20:15:34.0489 5584 btwrchid - ok
20:15:34.0489 5584 catchme - ok
20:15:34.0520 5584 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:15:34.0520 5584 cdfs - ok
20:15:34.0536 5584 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:15:34.0552 5584 cdrom - ok
20:15:34.0567 5584 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
20:15:34.0567 5584 CertPropSvc - ok
20:15:34.0583 5584 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:15:34.0583 5584 circlass - ok
20:15:34.0614 5584 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:15:34.0614 5584 CLFS - ok
20:15:34.0661 5584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:15:34.0661 5584 clr_optimization_v2.0.50727_32 - ok
20:15:34.0692 5584 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:15:34.0708 5584 clr_optimization_v2.0.50727_64 - ok
20:15:34.0801 5584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:15:34.0817 5584 clr_optimization_v4.0.30319_32 - ok
20:15:34.0832 5584 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:15:34.0832 5584 clr_optimization_v4.0.30319_64 - ok
20:15:34.0848 5584 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:15:34.0848 5584 CmBatt - ok
20:15:34.0864 5584 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
20:15:34.0864 5584 cmdide - ok
20:15:34.0926 5584 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
20:15:34.0942 5584 CNG - ok
20:15:34.0973 5584 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:15:34.0973 5584 Compbatt - ok
20:15:34.0988 5584 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:15:34.0988 5584 CompositeBus - ok
20:15:35.0004 5584 COMSysApp - ok
20:15:35.0020 5584 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:15:35.0020 5584 crcdisk - ok
20:15:35.0051 5584 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:15:35.0066 5584 CryptSvc - ok
20:15:35.0191 5584 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:15:35.0191 5584 cvhsvc - ok
20:15:35.0238 5584 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:15:35.0238 5584 DcomLaunch - ok
20:15:35.0269 5584 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:15:35.0269 5584 defragsvc - ok
20:15:35.0300 5584 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:15:35.0300 5584 DfsC - ok
20:15:35.0332 5584 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
20:15:35.0347 5584 Dhcp - ok
20:15:35.0363 5584 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:15:35.0363 5584 discache - ok
20:15:35.0410 5584 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:15:35.0410 5584 Disk - ok
20:15:35.0441 5584 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:15:35.0441 5584 Dnscache - ok
20:15:35.0456 5584 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
20:15:35.0456 5584 dot3svc - ok
20:15:35.0519 5584 [ 8CBE9EB5088E36DB88013D9D5858B87F ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
20:15:35.0534 5584 DpHost - ok
20:15:35.0550 5584 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
20:15:35.0550 5584 DPS - ok
20:15:35.0566 5584 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:15:35.0566 5584 drmkaud - ok
20:15:35.0597 5584 [ A298AEA9FCA253E7EFF040A08C7C6376 ] DVMIO C:\Windows\system32\DRIVERS\dvmio.sys
20:15:35.0597 5584 DVMIO - ok
20:15:35.0659 5584 [ 291A3DEE24999EE4618ED0C7A9A8DB7A ] DvmMDES C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
20:15:35.0675 5584 DvmMDES - ok
20:15:35.0722 5584 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:15:35.0737 5584 DXGKrnl - ok
20:15:35.0768 5584 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:15:35.0768 5584 EapHost - ok
20:15:35.0862 5584 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:15:35.0940 5584 ebdrv - ok
20:15:35.0987 5584 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
20:15:36.0002 5584 EFS - ok
20:15:36.0065 5584 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:15:36.0096 5584 ehRecvr - ok
20:15:36.0112 5584 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:15:36.0127 5584 ehSched - ok
20:15:36.0158 5584 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:15:36.0174 5584 elxstor - ok
20:15:36.0174 5584 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
20:15:36.0174 5584 ErrDev - ok
20:15:36.0221 5584 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:15:36.0221 5584 EventSystem - ok
20:15:36.0268 5584 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:15:36.0268 5584 exfat - ok
20:15:36.0283 5584 ezSharedSvc - ok
20:15:36.0299 5584 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:15:36.0314 5584 fastfat - ok
20:15:36.0346 5584 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
20:15:36.0361 5584 Fax - ok
20:15:36.0377 5584 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:15:36.0377 5584 fdc - ok
20:15:36.0392 5584 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:15:36.0392 5584 fdPHost - ok
20:15:36.0408 5584 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:15:36.0408 5584 FDResPub - ok
20:15:36.0424 5584 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:15:36.0424 5584 FileInfo - ok
20:15:36.0439 5584 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:15:36.0439 5584 Filetrace - ok
20:15:36.0455 5584 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:15:36.0455 5584 flpydisk - ok
20:15:36.0486 5584 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:15:36.0486 5584 FltMgr - ok
20:15:36.0533 5584 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
20:15:36.0548 5584 FontCache - ok
20:15:36.0595 5584 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:15:36.0595 5584 FontCache3.0.0.0 - ok
20:15:36.0611 5584 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:15:36.0611 5584 FsDepends - ok
20:15:36.0642 5584 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:15:36.0658 5584 Fs_Rec - ok
20:15:36.0689 5584 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:15:36.0689 5584 fvevol - ok
20:15:36.0720 5584 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:15:36.0720 5584 gagp30kx - ok
20:15:36.0782 5584 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:15:36.0782 5584 GameConsoleService - ok
20:15:36.0814 5584 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:15:36.0814 5584 GEARAspiWDM - ok
20:15:36.0860 5584 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
20:15:36.0892 5584 gpsvc - ok
20:15:36.0892 5584 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:15:36.0907 5584 hcw85cir - ok
20:15:36.0938 5584 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:15:36.0938 5584 HdAudAddService - ok
20:15:36.0954 5584 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:15:36.0970 5584 HDAudBus - ok
20:15:36.0985 5584 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:15:36.0985 5584 HECIx64 - ok
20:15:37.0001 5584 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:15:37.0001 5584 HidBatt - ok
20:15:37.0032 5584 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:15:37.0032 5584 HidBth - ok
20:15:37.0048 5584 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:15:37.0063 5584 HidIr - ok
20:15:37.0079 5584 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:15:37.0079 5584 hidserv - ok
20:15:37.0094 5584 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:15:37.0094 5584 HidUsb - ok
20:15:37.0126 5584 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:15:37.0126 5584 hkmsvc - ok
20:15:37.0141 5584 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:15:37.0157 5584 HomeGroupListener - ok
20:15:37.0172 5584 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:15:37.0188 5584 HomeGroupProvider - ok
20:15:37.0266 5584 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:15:37.0266 5584 HP Support Assistant Service - ok
20:15:37.0313 5584 [ A2DE0A67C77EBC6DFAD3D55232790ADD ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:15:37.0313 5584 HP Wireless Assistant Service - ok
20:15:37.0328 5584 [ CECF7CB10E778F921CF41858C653EA15 ] hpdoccardsvc C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe
20:15:37.0328 5584 hpdoccardsvc - ok
20:15:37.0391 5584 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:15:37.0391 5584 HPDrvMntSvc.exe - ok
20:15:37.0406 5584 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
20:15:37.0406 5584 hpdskflt - ok
20:15:37.0453 5584 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:15:37.0453 5584 hpqwmiex - ok
20:15:37.0484 5584 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
20:15:37.0500 5584 HpSAMD - ok
20:15:37.0516 5584 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
20:15:37.0516 5584 hpsrv - ok
20:15:37.0562 5584 [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:15:37.0562 5584 HPWMISVC - ok
20:15:37.0594 5584 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:15:37.0625 5584 HTTP - ok
20:15:37.0625 5584 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:15:37.0625 5584 hwpolicy - ok
20:15:37.0656 5584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:15:37.0656 5584 i8042prt - ok
20:15:37.0687 5584 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:15:37.0687 5584 iaStor - ok
20:15:37.0718 5584 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:15:37.0718 5584 iaStorV - ok
20:15:37.0765 5584 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:15:37.0796 5584 idsvc - ok
20:15:37.0952 5584 [ 6CBFC48E5C663EA8493AE3E75A6BF511 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:15:38.0124 5584 igfx - ok
20:15:38.0124 5584 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:15:38.0140 5584 iirsp - ok
20:15:38.0171 5584 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
20:15:38.0186 5584 IKEEXT - ok
20:15:38.0218 5584 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
20:15:38.0218 5584 Impcd - ok
20:15:38.0233 5584 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:15:38.0233 5584 intelide - ok
20:15:38.0389 5584 [ 6CBFC48E5C663EA8493AE3E75A6BF511 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
20:15:38.0561 5584 intelkmd - ok
20:15:38.0592 5584 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:15:38.0592 5584 intelppm - ok
20:15:38.0608 5584 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:15:38.0608 5584 IPBusEnum - ok
20:15:38.0623 5584 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:15:38.0639 5584 IpFilterDriver - ok
20:15:38.0654 5584 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:15:38.0654 5584 iphlpsvc - ok
20:15:38.0670 5584 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:15:38.0686 5584 IPMIDRV - ok
20:15:38.0686 5584 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:15:38.0686 5584 IPNAT - ok
20:15:38.0764 5584 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:15:38.0764 5584 iPod Service - ok
20:15:38.0795 5584 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:15:38.0795 5584 IRENUM - ok
20:15:38.0826 5584 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
20:15:38.0826 5584 isapnp - ok
20:15:38.0857 5584 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:15:38.0857 5584 iScsiPrt - ok
20:15:38.0873 5584 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:15:38.0873 5584 kbdclass - ok
20:15:38.0888 5584 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:15:38.0888 5584 kbdhid - ok
20:15:38.0920 5584 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
20:15:38.0920 5584 KeyIso - ok
20:15:38.0951 5584 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:15:38.0966 5584 KSecDD - ok
20:15:38.0982 5584 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:15:38.0982 5584 KSecPkg - ok
20:15:38.0998 5584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:15:38.0998 5584 ksthunk - ok
20:15:39.0013 5584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:15:39.0029 5584 KtmRm - ok
20:15:39.0076 5584 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:15:39.0076 5584 LanmanServer - ok
20:15:39.0107 5584 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:15:39.0107 5584 LanmanWorkstation - ok
20:15:39.0154 5584 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:15:39.0154 5584 LightScribeService - ok
20:15:39.0169 5584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:15:39.0169 5584 lltdio - ok
20:15:39.0185 5584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:15:39.0185 5584 lltdsvc - ok
20:15:39.0216 5584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:15:39.0216 5584 lmhosts - ok
20:15:39.0278 5584 [ 6D515466AB8BFE61184092B635AE6EB4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:15:39.0294 5584 LMS - ok
20:15:39.0310 5584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:15:39.0325 5584 LSI_FC - ok
20:15:39.0341 5584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:15:39.0341 5584 LSI_SAS - ok
20:15:39.0356 5584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:15:39.0356 5584 LSI_SAS2 - ok
20:15:39.0388 5584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:15:39.0388 5584 LSI_SCSI - ok
20:15:39.0403 5584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:15:39.0403 5584 luafv - ok
20:15:39.0450 5584 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:15:39.0450 5584 MBAMProtector - ok
20:15:39.0528 5584 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:15:39.0544 5584 MBAMService - ok
20:15:39.0590 5584 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:15:39.0590 5584 Mcx2Svc - ok
20:15:39.0606 5584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:15:39.0606 5584 megasas - ok
20:15:39.0622 5584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:15:39.0637 5584 MegaSR - ok
20:15:39.0653 5584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:15:39.0653 5584 MMCSS - ok
20:15:39.0668 5584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:15:39.0668 5584 Modem - ok
20:15:39.0684 5584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:15:39.0684 5584 monitor - ok
20:15:39.0700 5584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:15:39.0700 5584 mouclass - ok
20:15:39.0731 5584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:15:39.0731 5584 mouhid - ok
20:15:39.0762 5584 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:15:39.0762 5584 mountmgr - ok
20:15:39.0778 5584 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:15:39.0778 5584 mpio - ok
20:15:39.0793 5584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:15:39.0793 5584 mpsdrv - ok
20:15:39.0824 5584 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:15:39.0840 5584 MpsSvc - ok
20:15:39.0871 5584 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:15:39.0871 5584 MRxDAV - ok
20:15:39.0902 5584 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:15:39.0902 5584 mrxsmb - ok
20:15:39.0949 5584 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:15:39.0949 5584 mrxsmb10 - ok
20:15:39.0980 5584 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:15:39.0980 5584 mrxsmb20 - ok
20:15:39.0996 5584 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:15:39.0996 5584 msahci - ok
20:15:40.0012 5584 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
20:15:40.0027 5584 msdsm - ok
20:15:40.0043 5584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:15:40.0043 5584 MSDTC - ok
20:15:40.0074 5584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:15:40.0074 5584 Msfs - ok
20:15:40.0074 5584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:15:40.0074 5584 mshidkmdf - ok
20:15:40.0090 5584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
20:15:40.0090 5584 msisadrv - ok
20:15:40.0105 5584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:15:40.0121 5584 MSiSCSI - ok
20:15:40.0121 5584 msiserver - ok
20:15:40.0136 5584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:15:40.0152 5584 MSKSSRV - ok
20:15:40.0152 5584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:15:40.0168 5584 MSPCLOCK - ok
20:15:40.0168 5584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:15:40.0168 5584 MSPQM - ok
20:15:40.0199 5584 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:15:40.0199 5584 MsRPC - ok
20:15:40.0214 5584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:15:40.0214 5584 mssmbios - ok
20:15:40.0230 5584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:15:40.0230 5584 MSTEE - ok
20:15:40.0230 5584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:15:40.0246 5584 MTConfig - ok
20:15:40.0246 5584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:15:40.0246 5584 Mup - ok
20:15:40.0292 5584 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
20:15:40.0292 5584 napagent - ok
20:15:40.0308 5584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:15:40.0324 5584 NativeWifiP - ok
20:15:40.0339 5584 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:15:40.0370 5584 NDIS - ok
20:15:40.0386 5584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:15:40.0386 5584 NdisCap - ok
20:15:40.0417 5584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:15:40.0417 5584 NdisTapi - ok
20:15:40.0417 5584 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:15:40.0433 5584 Ndisuio - ok
20:15:40.0433 5584 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:15:40.0448 5584 NdisWan - ok
20:15:40.0448 5584 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:15:40.0448 5584 NDProxy - ok
20:15:40.0448 5584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:15:40.0448 5584 NetBIOS - ok
20:15:40.0464 5584 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:15:40.0480 5584 NetBT - ok
20:15:40.0495 5584 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
20:15:40.0495 5584 Netlogon - ok
20:15:40.0542 5584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:15:40.0558 5584 Netman - ok
20:15:40.0604 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:40.0604 5584 NetMsmqActivator - ok
20:15:40.0604 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:40.0604 5584 NetPipeActivator - ok
20:15:40.0620 5584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:15:40.0636 5584 netprofm - ok
20:15:40.0636 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:40.0636 5584 NetTcpActivator - ok
20:15:40.0651 5584 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:40.0651 5584 NetTcpPortSharing - ok
20:15:40.0776 5584 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:15:40.0932 5584 netw5v64 - ok
20:15:40.0979 5584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:15:40.0979 5584 nfrd960 - ok
20:15:40.0994 5584 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:15:41.0010 5584 NlaSvc - ok
20:15:41.0010 5584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:15:41.0010 5584 Npfs - ok
20:15:41.0026 5584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:15:41.0026 5584 nsi - ok
20:15:41.0041 5584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:15:41.0041 5584 nsiproxy - ok
20:15:41.0088 5584 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:15:41.0119 5584 Ntfs - ok
20:15:41.0135 5584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:15:41.0135 5584 Null - ok
20:15:41.0166 5584 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:15:41.0166 5584 nvraid - ok
20:15:41.0213 5584 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:15:41.0213 5584 nvstor - ok
20:15:41.0228 5584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
20:15:41.0228 5584 nv_agp - ok
20:15:41.0244 5584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:15:41.0244 5584 ohci1394 - ok
20:15:41.0275 5584 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:15:41.0275 5584 ose - ok
20:15:41.0462 5584 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:15:41.0556 5584 osppsvc - ok
20:15:41.0587 5584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:15:41.0587 5584 p2pimsvc - ok
20:15:41.0618 5584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:15:41.0618 5584 p2psvc - ok
20:15:41.0650 5584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:15:41.0650 5584 Parport - ok
20:15:41.0681 5584 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:15:41.0681 5584 partmgr - ok
20:15:41.0712 5584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:15:41.0728 5584 PcaSvc - ok
20:15:41.0790 5584 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
20:15:41.0806 5584 pci - ok
20:15:41.0821 5584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:15:41.0821 5584 pciide - ok
20:15:41.0852 5584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:15:41.0852 5584 pcmcia - ok
20:15:41.0868 5584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:15:41.0868 5584 pcw - ok
20:15:41.0884 5584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:15:41.0915 5584 PEAUTH - ok
20:15:41.0977 5584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:15:41.0977 5584 PerfHost - ok
20:15:42.0024 5584 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
20:15:42.0055 5584 pla - ok
20:15:42.0118 5584 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:15:42.0133 5584 PlugPlay - ok
20:15:42.0149 5584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:15:42.0149 5584 PNRPAutoReg - ok
20:15:42.0180 5584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:15:42.0180 5584 PNRPsvc - ok
20:15:42.0227 5584 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:15:42.0242 5584 PolicyAgent - ok
20:15:42.0274 5584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:15:42.0274 5584 Power - ok
20:15:42.0305 5584 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:15:42.0305 5584 PptpMiniport - ok
20:15:42.0320 5584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:15:42.0320 5584 Processor - ok
20:15:42.0352 5584 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
20:15:42.0367 5584 ProfSvc - ok
20:15:42.0383 5584 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:15:42.0383 5584 ProtectedStorage - ok
20:15:42.0383 5584 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:15:42.0383 5584 Psched - ok
20:15:42.0445 5584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:15:42.0492 5584 ql2300 - ok
20:15:42.0508 5584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:15:42.0508 5584 ql40xx - ok
20:15:42.0523 5584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:15:42.0523 5584 QWAVE - ok
20:15:42.0539 5584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:15:42.0539 5584 QWAVEdrv - ok
20:15:42.0554 5584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:15:42.0554 5584 RasAcd - ok
20:15:42.0570 5584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:15:42.0570 5584 RasAgileVpn - ok
20:15:42.0586 5584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:15:42.0586 5584 RasAuto - ok
20:15:42.0617 5584 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:15:42.0617 5584 Rasl2tp - ok
20:15:42.0632 5584 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
20:15:42.0648 5584 RasMan - ok
20:15:42.0648 5584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:15:42.0664 5584 RasPppoe - ok
20:15:42.0664 5584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:15:42.0679 5584 RasSstp - ok
20:15:42.0695 5584 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:15:42.0695 5584 rdbss - ok
20:15:42.0710 5584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:15:42.0710 5584 rdpbus - ok
20:15:42.0726 5584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:15:42.0726 5584 RDPCDD - ok
20:15:42.0742 5584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:15:42.0742 5584 RDPENCDD - ok
20:15:42.0742 5584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:15:42.0742 5584 RDPREFMP - ok
20:15:42.0773 5584 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:15:42.0773 5584 RDPWD - ok
20:15:42.0788 5584 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:15:42.0804 5584 rdyboost - ok
20:15:42.0835 5584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:15:42.0835 5584 RemoteAccess - ok
20:15:42.0851 5584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:15:42.0851 5584 RemoteRegistry - ok
20:15:42.0882 5584 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:15:42.0882 5584 RFCOMM - ok
20:15:42.0913 5584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:15:42.0913 5584 RpcEptMapper - ok
20:15:42.0929 5584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:15:42.0944 5584 RpcLocator - ok
20:15:42.0960 5584 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
20:15:42.0960 5584 RpcSs - ok
20:15:42.0960 5584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:15:42.0976 5584 rspndr - ok
20:15:42.0991 5584 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:15:42.0991 5584 RSUSBSTOR - ok
20:15:43.0022 5584 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:15:43.0038 5584 RTL8167 - ok
20:15:43.0054 5584 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
20:15:43.0054 5584 SamSs - ok
20:15:43.0085 5584 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
20:15:43.0085 5584 sbp2port - ok
20:15:43.0194 5584 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:15:43.0194 5584 SBSDWSCService - ok
20:15:43.0241 5584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:15:43.0256 5584 SCardSvr - ok
20:15:43.0256 5584 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:15:43.0272 5584 scfilter - ok
20:15:43.0303 5584 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
20:15:43.0334 5584 Schedule - ok
20:15:43.0366 5584 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:15:43.0366 5584 SCPolicySvc - ok
20:15:43.0381 5584 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:15:43.0381 5584 sdbus - ok
20:15:43.0412 5584 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:15:43.0412 5584 SDRSVC - ok
20:15:43.0444 5584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:15:43.0444 5584 secdrv - ok
20:15:43.0459 5584 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
20:15:43.0459 5584 seclogon - ok
20:15:43.0475 5584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:15:43.0475 5584 SENS - ok
20:15:43.0506 5584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:15:43.0506 5584 SensrSvc - ok
20:15:43.0522 5584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:15:43.0522 5584 Serenum - ok
20:15:43.0553 5584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:15:43.0553 5584 Serial - ok
20:15:43.0568 5584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:15:43.0568 5584 sermouse - ok
20:15:43.0584 5584 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
20:15:43.0600 5584 SessionEnv - ok
20:15:43.0600 5584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:15:43.0615 5584 sffdisk - ok
20:15:43.0631 5584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:15:43.0631 5584 sffp_mmc - ok
20:15:43.0646 5584 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:15:43.0646 5584 sffp_sd - ok
20:15:43.0662 5584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:15:43.0662 5584 sfloppy - ok
20:15:43.0709 5584 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
20:15:43.0740 5584 Sftfs - ok
20:15:43.0802 5584 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:15:43.0818 5584 sftlist - ok
20:15:43.0834 5584 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:15:43.0834 5584 Sftplay - ok
20:15:43.0865 5584 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:15:43.0865 5584 Sftredir - ok
20:15:43.0896 5584 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
20:15:43.0896 5584 Sftvol - ok
20:15:43.0927 5584 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:15:43.0927 5584 sftvsa - ok
20:15:43.0974 5584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:15:43.0974 5584 SharedAccess - ok
20:15:44.0005 5584 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:15:44.0005 5584 ShellHWDetection - ok
20:15:44.0036 5584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:15:44.0036 5584 SiSRaid2 - ok
20:15:44.0068 5584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:15:44.0068 5584 SiSRaid4 - ok
20:15:44.0099 5584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:15:44.0099 5584 Smb - ok
20:15:44.0130 5584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:15:44.0130 5584 SNMPTRAP - ok
20:15:44.0146 5584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:15:44.0146 5584 spldr - ok
20:15:44.0192 5584 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
20:15:44.0208 5584 Spooler - ok
20:15:44.0317 5584 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
20:15:44.0395 5584 sppsvc - ok
20:15:44.0411 5584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:15:44.0411 5584 sppuinotify - ok
20:15:44.0442 5584 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:15:44.0442 5584 srv - ok
20:15:44.0458 5584 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:15:44.0473 5584 srv2 - ok
20:15:44.0489 5584 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:15:44.0504 5584 SrvHsfHDA - ok
20:15:44.0536 5584 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:15:44.0567 5584 SrvHsfV92 - ok
20:15:44.0598 5584 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:15:44.0614 5584 SrvHsfWinac - ok
20:15:44.0629 5584 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:15:44.0645 5584 srvnet - ok
20:15:44.0660 5584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:15:44.0660 5584 SSDPSRV - ok
20:15:44.0676 5584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:15:44.0692 5584 SstpSvc - ok
20:15:44.0738 5584 [ B00068BA94F5F306911B14B425AAEB56 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
20:15:44.0754 5584 STacSV - ok
20:15:44.0785 5584 Steam Client Service - ok
20:15:44.0816 5584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:15:44.0816 5584 stexstor - ok
20:15:44.0863 5584 [ DA40D9C9CCB9836D6ABD1706935A2277 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
20:15:44.0863 5584 STHDA - ok
20:15:44.0894 5584 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
20:15:44.0910 5584 stisvc - ok
20:15:44.0941 5584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:15:44.0941 5584 swenum - ok
20:15:44.0957 5584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:15:44.0972 5584 swprv - ok
20:15:45.0019 5584 [ 7369D6268E21481A8DCB8E94063C47B1 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:15:45.0019 5584 SynTP - ok
20:15:45.0066 5584 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
20:15:45.0113 5584 SysMain - ok
20:15:45.0128 5584 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:15:45.0128 5584 TabletInputService - ok
20:15:45.0160 5584 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
20:15:45.0160 5584 TapiSrv - ok
20:15:45.0175 5584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:15:45.0191 5584 TBS - ok
20:15:45.0269 5584 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:15:45.0316 5584 Tcpip - ok
20:15:45.0394 5584 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:15:45.0409 5584 TCPIP6 - ok
20:15:45.0440 5584 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:15:45.0440 5584 tcpipreg - ok
20:15:45.0472 5584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:15:45.0472 5584 TDPIPE - ok
20:15:45.0503 5584 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:15:45.0503 5584 TDTCP - ok
20:15:45.0518 5584 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:15:45.0518 5584 tdx - ok
20:15:45.0534 5584 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:15:45.0534 5584 TermDD - ok
20:15:45.0550 5584 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
20:15:45.0581 5584 TermService - ok
20:15:45.0596 5584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:15:45.0596 5584 Themes - ok
20:15:45.0612 5584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:15:45.0612 5584 THREADORDER - ok
20:15:45.0643 5584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:15:45.0643 5584 TrkWks - ok
20:15:45.0690 5584 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:15:45.0690 5584 TrustedInstaller - ok
20:15:45.0706 5584 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:15:45.0706 5584 tssecsrv - ok
20:15:45.0737 5584 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:15:45.0737 5584 tunnel - ok
20:15:45.0752 5584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:15:45.0752 5584 uagp35 - ok
20:15:45.0784 5584 [ C06E6F4679CEB8F430B90A51D76D8D3C ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:15:45.0784 5584 udfs - ok
20:15:45.0815 5584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:15:45.0815 5584 UI0Detect - ok
20:15:45.0830 5584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
20:15:45.0830 5584 uliagpkx - ok
20:15:45.0846 5584 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:15:45.0846 5584 umbus - ok
20:15:45.0877 5584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:15:45.0877 5584 UmPass - ok
20:15:45.0971 5584 [ 0FADD949576A164B4E51E716F46B6C33 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:15:46.0002 5584 UNS - ok
20:15:46.0018 5584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:15:46.0033 5584 upnphost - ok
20:15:46.0064 5584 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:15:46.0064 5584 USBAAPL64 - ok
20:15:46.0096 5584 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:15:46.0111 5584 usbccgp - ok
20:15:46.0127 5584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
20:15:46.0127 5584 usbcir - ok
20:15:46.0142 5584 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:15:46.0158 5584 usbehci - ok
20:15:46.0189 5584 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:15:46.0189 5584 usbhub - ok
20:15:46.0205 5584 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:15:46.0205 5584 usbohci - ok
20:15:46.0236 5584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:15:46.0236 5584 usbprint - ok
20:15:46.0267 5584 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:15:46.0267 5584 usbscan - ok
20:15:46.0283 5584 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:15:46.0298 5584 USBSTOR - ok
20:15:46.0314 5584 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:15:46.0314 5584 usbuhci - ok
20:15:46.0345 5584 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:15:46.0361 5584 usbvideo - ok
20:15:46.0376 5584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:15:46.0392 5584 UxSms - ok
20:15:46.0408 5584 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
20:15:46.0439 5584 VaultSvc - ok
20:15:46.0517 5584 [ 8159F83408230045F731C6C7799A7D44 ] vcsFPService C:\Windows\system32\vcsFPService.exe
20:15:46.0595 5584 vcsFPService - ok
20:15:46.0626 5584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
20:15:46.0626 5584 vdrvroot - ok
20:15:46.0657 5584 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
20:15:46.0673 5584 vds - ok
20:15:46.0688 5584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:15:46.0688 5584 vga - ok
20:15:46.0704 5584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:15:46.0704 5584 VgaSave - ok
20:15:46.0735 5584 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:15:46.0751 5584 vhdmp - ok
20:15:46.0751 5584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
20:15:46.0751 5584 viaide - ok
20:15:46.0766 5584 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
20:15:46.0766 5584 volmgr - ok
20:15:46.0782 5584 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:15:46.0798 5584 volmgrx - ok
20:15:46.0813 5584 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
20:15:46.0813 5584 volsnap - ok
20:15:46.0829 5584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:15:46.0844 5584 vsmraid - ok
20:15:46.0876 5584 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
20:15:46.0907 5584 VSS - ok
20:15:46.0922 5584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:15:46.0922 5584 vwifibus - ok
20:15:46.0922 5584 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:15:46.0938 5584 vwififlt - ok
20:15:46.0938 5584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:15:46.0954 5584 W32Time - ok
20:15:46.0985 5584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:15:46.0985 5584 WacomPen - ok
20:15:47.0000 5584 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:15:47.0000 5584 WANARP - ok
20:15:47.0000 5584 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:15:47.0000 5584 Wanarpv6 - ok
20:15:47.0063 5584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:15:47.0094 5584 WatAdminSvc - ok
20:15:47.0141 5584 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
20:15:47.0219 5584 wbengine - ok
20:15:47.0234 5584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:15:47.0250 5584 WbioSrvc - ok
20:15:47.0281 5584 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:15:47.0281 5584 wcncsvc - ok
20:15:47.0297 5584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:15:47.0312 5584 WcsPlugInService - ok
20:15:47.0328 5584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:15:47.0328 5584 Wd - ok
20:15:47.0359 5584 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:15:47.0375 5584 Wdf01000 - ok
20:15:47.0390 5584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:15:47.0406 5584 WdiServiceHost - ok
20:15:47.0406 5584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:15:47.0406 5584 WdiSystemHost - ok
20:15:47.0437 5584 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
20:15:47.0437 5584 WebClient - ok
20:15:47.0453 5584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:15:47.0468 5584 Wecsvc - ok
20:15:47.0484 5584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:15:47.0484 5584 wercplsupport - ok
20:15:47.0500 5584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:15:47.0500 5584 WerSvc - ok
20:15:47.0515 5584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:15:47.0515 5584 WfpLwf - ok
20:15:47.0531 5584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:15:47.0546 5584 WIMMount - ok
20:15:47.0546 5584 WinDefend - ok
20:15:47.0562 5584 WinHttpAutoProxySvc - ok
20:15:47.0656 5584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:15:47.0671 5584 Winmgmt - ok
20:15:47.0718 5584 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
20:15:47.0796 5584 WinRM - ok
20:15:47.0843 5584 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
20:15:47.0843 5584 WinUSB - ok
20:15:47.0858 5584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:15:47.0890 5584 Wlansvc - ok
20:15:48.0014 5584 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:15:48.0061 5584 wlidsvc - ok
20:15:48.0077 5584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:15:48.0092 5584 WmiAcpi - ok
20:15:48.0108 5584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:15:48.0108 5584 wmiApSrv - ok
20:15:48.0124 5584 WMPNetworkSvc - ok
20:15:48.0139 5584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:15:48.0155 5584 WPCSvc - ok
20:15:48.0170 5584 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:15:48.0170 5584 WPDBusEnum - ok
20:15:48.0186 5584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:15:48.0186 5584 ws2ifsl - ok
20:15:48.0217 5584 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
20:15:48.0217 5584 wscsvc - ok
20:15:48.0233 5584 WSearch - ok
20:15:48.0311 5584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:15:48.0358 5584 wuauserv - ok
20:15:48.0389 5584 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:15:48.0389 5584 WudfPf - ok
20:15:48.0420 5584 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:15:48.0420 5584 WUDFRd - ok
20:15:48.0436 5584 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:15:48.0451 5584 wudfsvc - ok
20:15:48.0467 5584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:15:48.0467 5584 WwanSvc - ok
20:15:48.0498 5584 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
20:15:48.0514 5584 yukonw7 - ok
20:15:48.0529 5584 ================ Scan global ===============================
20:15:48.0545 5584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:15:48.0592 5584 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:15:48.0607 5584 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:15:48.0623 5584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:15:48.0638 5584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:15:48.0638 5584 [Global] - ok
20:15:48.0638 5584 ================ Scan MBR ==================================
20:15:48.0654 5584 [ 58414DEC5E3EB1A96FCCA98C1CE742E4 ] \Device\Harddisk0\DR0
20:15:48.0935 5584 \Device\Harddisk0\DR0 - ok
20:15:48.0935 5584 ================ Scan VBR ==================================
20:15:48.0935 5584 [ 91CE6409BDB0FD9368F991958E5A47B8 ] \Device\Harddisk0\DR0\Partition1
20:15:48.0935 5584 \Device\Harddisk0\DR0\Partition1 - ok
20:15:48.0966 5584 [ D494E084AB43E91C7CB2D07B05CD7958 ] \Device\Harddisk0\DR0\Partition2
20:15:48.0966 5584 \Device\Harddisk0\DR0\Partition2 - ok
20:15:48.0997 5584 [ B95FDDC6BA88166679BBA7158E941C29 ] \Device\Harddisk0\DR0\Partition3
20:15:48.0997 5584 \Device\Harddisk0\DR0\Partition3 - ok
20:15:49.0013 5584 [ 68A3E4EF29E43B9B00EAFE6F235E5708 ] \Device\Harddisk0\DR0\Partition4
20:15:49.0013 5584 \Device\Harddisk0\DR0\Partition4 - ok
20:15:49.0013 5584 ============================================================
20:15:49.0013 5584 Scan finished
20:15:49.0013 5584 ============================================================
20:15:49.0028 2464 Detected object count: 0
20:15:49.0028 2464 Actual detected object count: 0
20:17:18.0151 4212 ============================================================
20:17:18.0151 4212 Scan started
20:17:18.0151 4212 Mode: Manual; SigCheck; TDLFS;
20:17:18.0151 4212 ============================================================
20:17:18.0479 4212 ================ Scan system memory ========================
20:17:18.0479 4212 System memory - ok
20:17:18.0479 4212 ================ Scan services =============================
20:17:18.0900 4212 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:17:19.0025 4212 1394ohci - ok
20:17:19.0119 4212 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
20:17:19.0165 4212 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
20:17:19.0197 4212 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
20:17:19.0197 4212 Accelerometer - ok
20:17:19.0228 4212 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
20:17:19.0243 4212 ACPI - ok
20:17:19.0259 4212 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
20:17:19.0337 4212 AcpiPmi - ok
20:17:19.0368 4212 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:17:19.0399 4212 adp94xx - ok
20:17:19.0431 4212 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:17:19.0446 4212 adpahci - ok
20:17:19.0462 4212 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:17:19.0477 4212 adpu320 - ok
20:17:19.0509 4212 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:17:19.0587 4212 AeLookupSvc - ok
20:17:19.0649 4212 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
20:17:19.0696 4212 AESTFilters - ok
20:17:19.0758 4212 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
20:17:19.0836 4212 AFD - ok
20:17:19.0867 4212 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
20:17:19.0899 4212 agp440 - ok
20:17:19.0899 4212 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:17:19.0914 4212 ALG - ok
20:17:19.0930 4212 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
20:17:19.0945 4212 aliide - ok
20:17:19.0961 4212 [ 3D90CF67DB75823A8480E56BBCD2E028 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:17:20.0008 4212 AMD External Events Utility - ok
20:17:20.0023 4212 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
20:17:20.0039 4212 amdide - ok
20:17:20.0055 4212 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:17:20.0070 4212 AmdK8 - ok
20:17:20.0195 4212 [ 52679612D742BF74CA1BA6AB86DDF431 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
20:17:20.0273 4212 amdkmdag - ok
20:17:20.0304 4212 [ 414E0788920A8C856032BE2CBF29F984 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:17:20.0335 4212 amdkmdap - ok
20:17:20.0351 4212 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:17:20.0367 4212 AmdPPM - ok
20:17:20.0398 4212 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:17:20.0429 4212 amdsata - ok
20:17:20.0460 4212 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:17:20.0476 4212 amdsbs - ok
20:17:20.0491 4212 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:17:20.0507 4212 amdxata - ok
20:17:20.0538 4212 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
20:17:20.0569 4212 AppID - ok
20:17:20.0585 4212 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:17:20.0647 4212 AppIDSvc - ok
20:17:20.0663 4212 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
20:17:20.0694 4212 Appinfo - ok
20:17:20.0772 4212 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:17:20.0788 4212 Apple Mobile Device - ok
20:17:20.0803 4212 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:17:20.0803 4212 arc - ok
20:17:20.0819 4212 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:17:20.0835 4212 arcsas - ok
20:17:20.0959 4212 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:17:20.0975 4212 aspnet_state - ok
20:17:20.0991 4212 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:17:21.0053 4212 AsyncMac - ok
20:17:21.0069 4212 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
20:17:21.0069 4212 atapi - ok
20:17:21.0147 4212 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:17:21.0193 4212 athr - ok
20:17:21.0225 4212 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
20:17:21.0225 4212 AtiHdmiService - ok
20:17:21.0256 4212 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:17:21.0318 4212 AudioEndpointBuilder - ok
20:17:21.0334 4212 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:17:21.0381 4212 AudioSrv - ok
20:17:21.0396 4212 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:17:21.0427 4212 AxInstSV - ok
20:17:21.0443 4212 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:17:21.0459 4212 b06bdrv - ok
20:17:21.0490 4212 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:17:21.0505 4212 b57nd60a - ok
20:17:21.0521 4212 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:17:21.0552 4212 BDESVC - ok
20:17:21.0568 4212 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:17:21.0615 4212 Beep - ok
20:17:21.0630 4212 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
20:17:21.0677 4212 BFE - ok
20:17:21.0708 4212 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
20:17:21.0755 4212 BITS - ok
20:17:21.0771 4212 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:17:21.0786 4212 blbdrive - ok
20:17:21.0833 4212 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:17:21.0849 4212 Bonjour Service - ok
20:17:21.0880 4212 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:17:21.0911 4212 bowser - ok
20:17:21.0927 4212 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:17:21.0942 4212 BrFiltLo - ok
20:17:21.0958 4212 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:17:21.0973 4212 BrFiltUp - ok
20:17:21.0989 4212 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:17:22.0036 4212 BridgeMP - ok
20:17:22.0067 4212 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
20:17:22.0083 4212 Browser - ok
20:17:22.0098 4212 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:17:22.0129 4212 Brserid - ok
20:17:22.0145 4212 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:17:22.0161 4212 BrSerWdm - ok
20:17:22.0176 4212 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:17:22.0223 4212 BrUsbMdm - ok
20:17:22.0254 4212 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:17:22.0270 4212 BrUsbSer - ok
20:17:22.0301 4212 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:17:22.0348 4212 BthEnum - ok
20:17:22.0363 4212 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:17:22.0395 4212 BTHMODEM - ok
20:17:22.0410 4212 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:17:22.0441 4212 BthPan - ok
20:17:22.0488 4212 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:17:22.0519 4212 BTHPORT - ok
20:17:22.0551 4212 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:17:22.0597 4212 bthserv - ok
20:17:22.0613 4212 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:17:22.0644 4212 BTHUSB - ok
20:17:22.0675 4212 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
20:17:22.0675 4212 btwaudio - ok
20:17:22.0691 4212 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
20:17:22.0707 4212 btwavdt - ok
20:17:22.0753 4212 [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:17:22.0800 4212 btwdins - ok
20:17:22.0800 4212 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
20:17:22.0816 4212 btwl2cap - ok
20:17:22.0816 4212 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
20:17:22.0831 4212 btwrchid - ok
20:17:22.0831 4212 catchme - ok
20:17:22.0863 4212 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:17:22.0909 4212 cdfs - ok
20:17:22.0925 4212 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:17:22.0941 4212 cdrom - ok
20:17:22.0956 4212 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
20:17:23.0034 4212 CertPropSvc - ok
20:17:23.0050 4212 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:17:23.0065 4212 circlass - ok
20:17:23.0081 4212 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:17:23.0097 4212 CLFS - ok
20:17:23.0143 4212 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:17:23.0159 4212 clr_optimization_v2.0.50727_32 - ok
20:17:23.0190 4212 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:17:23.0206 4212 clr_optimization_v2.0.50727_64 - ok
20:17:23.0299 4212 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:17:23.0315 4212 clr_optimization_v4.0.30319_32 - ok
20:17:23.0331 4212 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:17:23.0346 4212 clr_optimization_v4.0.30319_64 - ok
20:17:23.0362 4212 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:17:23.0377 4212 CmBatt - ok
20:17:23.0393 4212 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
20:17:23.0409 4212 cmdide - ok
20:17:23.0440 4212 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
20:17:23.0455 4212 CNG - ok
20:17:23.0471 4212 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:17:23.0487 4212 Compbatt - ok
20:17:23.0502 4212 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:17:23.0533 4212 CompositeBus - ok
20:17:23.0533 4212 COMSysApp - ok
20:17:23.0565 4212 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:17:23.0565 4212 crcdisk - ok
20:17:23.0596 4212 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:17:23.0611 4212 CryptSvc - ok
20:17:23.0705 4212 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:17:23.0752 4212 cvhsvc - ok
20:17:23.0783 4212 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:17:23.0830 4212 DcomLaunch - ok
20:17:23.0861 4212 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:17:23.0939 4212 defragsvc - ok
20:17:23.0970 4212 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:17:24.0017 4212 DfsC - ok
20:17:24.0064 4212 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
20:17:24.0111 4212 Dhcp - ok
20:17:24.0126 4212 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:17:24.0204 4212 discache - ok
20:17:24.0220 4212 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:17:24.0235 4212 Disk - ok
20:17:24.0267 4212 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:17:24.0298 4212 Dnscache - ok
20:17:24.0313 4212 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
20:17:24.0360 4212 dot3svc - ok
20:17:24.0407 4212 [ 8CBE9EB5088E36DB88013D9D5858B87F ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
20:17:24.0423 4212 DpHost - ok
20:17:24.0438 4212 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
20:17:24.0485 4212 DPS - ok
20:17:24.0501 4212 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:17:24.0516 4212 drmkaud - ok
20:17:24.0532 4212 [ A298AEA9FCA253E7EFF040A08C7C6376 ] DVMIO C:\Windows\system32\DRIVERS\dvmio.sys
20:17:24.0547 4212 DVMIO - ok
20:17:24.0625 4212 [ 291A3DEE24999EE4618ED0C7A9A8DB7A ] DvmMDES C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
20:17:24.0657 4212 DvmMDES - ok
20:17:24.0703 4212 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:17:24.0750 4212 DXGKrnl - ok
20:17:24.0766 4212 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:17:24.0813 4212 EapHost - ok
20:17:24.0906 4212 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:17:24.0984 4212 ebdrv - ok
20:17:25.0000 4212 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
20:17:25.0047 4212 EFS - ok
20:17:25.0109 4212 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:17:25.0156 4212 ehRecvr - ok
20:17:25.0171 4212 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:17:25.0203 4212 ehSched - ok
20:17:25.0234 4212 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:17:25.0265 4212 elxstor - ok
20:17:25.0281 4212 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
20:17:25.0296 4212 ErrDev - ok
20:17:25.0327 4212 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:17:25.0374 4212 EventSystem - ok
20:17:25.0390 4212 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:17:25.0437 4212 exfat - ok
20:17:25.0437 4212 ezSharedSvc - ok
20:17:25.0468 4212 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:17:25.0515 4212 fastfat - ok
20:17:25.0546 4212 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
20:17:25.0561 4212 Fax - ok
20:17:25.0577 4212 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:17:25.0608 4212 fdc - ok
20:17:25.0624 4212 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:17:25.0671 4212 fdPHost - ok
20:17:25.0686 4212 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:17:25.0764 4212 FDResPub - ok
20:17:25.0795 4212 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:17:25.0811 4212 FileInfo - ok
20:17:25.0842 4212 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:17:25.0905 4212 Filetrace - ok
20:17:25.0920 4212 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:17:25.0951 4212 flpydisk - ok
20:17:25.0967 4212 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:17:25.0983 4212 FltMgr - ok
20:17:26.0014 4212 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
20:17:26.0045 4212 FontCache - ok
20:17:26.0076 4212 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:17:26.0092 4212 FontCache3.0.0.0 - ok
20:17:26.0107 4212 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:17:26.0107 4212 FsDepends - ok
20:17:26.0139 4212 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:17:26.0154 4212 Fs_Rec - ok
20:17:26.0201 4212 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:17:26.0232 4212 fvevol - ok
20:17:26.0248 4212 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:17:26.0248 4212 gagp30kx - ok
20:17:26.0310 4212 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:17:26.0326 4212 GameConsoleService - ok
20:17:26.0373 4212 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:17:26.0373 4212 GEARAspiWDM - ok
20:17:26.0419 4212 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
20:17:26.0466 4212 gpsvc - ok
20:17:26.0482 4212 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:17:26.0497 4212 hcw85cir - ok
20:17:26.0513 4212 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:17:26.0544 4212 HdAudAddService - ok
20:17:26.0560 4212 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:17:26.0591 4212 HDAudBus - ok
20:17:26.0622 4212 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:17:26.0622 4212 HECIx64 - ok
20:17:26.0638 4212 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:17:26.0669 4212 HidBatt - ok
20:17:26.0685 4212 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:17:26.0716 4212 HidBth - ok
20:17:26.0731 4212 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:17:26.0747 4212 HidIr - ok
20:17:26.0763 4212 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:17:26.0825 4212 hidserv - ok
20:17:26.0841 4212 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:17:26.0856 4212 HidUsb - ok
20:17:26.0872 4212 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:17:26.0934 4212 hkmsvc - ok
20:17:26.0950 4212 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:17:26.0981 4212 HomeGroupListener - ok
20:17:26.0997 4212 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:17:27.0028 4212 HomeGroupProvider - ok
20:17:27.0106 4212 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:17:27.0121 4212 HP Support Assistant Service - ok
20:17:27.0153 4212 [ A2DE0A67C77EBC6DFAD3D55232790ADD ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:17:27.0168 4212 HP Wireless Assistant Service - ok
20:17:27.0184 4212 [ CECF7CB10E778F921CF41858C653EA15 ] hpdoccardsvc C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe
20:17:27.0199 4212 hpdoccardsvc - ok
20:17:27.0231 4212 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:17:27.0262 4212 HPDrvMntSvc.exe - ok
20:17:27.0277 4212 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
20:17:27.0277 4212 hpdskflt - ok
20:17:27.0309 4212 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:17:27.0340 4212 hpqwmiex - ok
20:17:27.0355 4212 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
20:17:27.0371 4212 HpSAMD - ok
20:17:27.0387 4212 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
20:17:27.0387 4212 hpsrv - ok
20:17:27.0418 4212 [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:17:27.0433 4212 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
20:17:27.0433 4212 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
20:17:27.0480 4212 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:17:27.0558 4212 HTTP - ok
20:17:27.0558 4212 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:17:27.0574 4212 hwpolicy - ok
20:17:27.0589 4212 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:17:27.0605 4212 i8042prt - ok
20:17:27.0636 4212 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:17:27.0652 4212 iaStor - ok
20:17:27.0667 4212 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:17:27.0683 4212 iaStorV - ok
20:17:27.0730 4212 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:17:27.0745 4212 idsvc - ok
20:17:27.0917 4212 [ 6CBFC48E5C663EA8493AE3E75A6BF511 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:17:28.0042 4212 igfx - ok
20:17:28.0057 4212 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:17:28.0073 4212 iirsp - ok
20:17:28.0104 4212 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
20:17:28.0151 4212 IKEEXT - ok
20:17:28.0182 4212 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
20:17:28.0213 4212 Impcd - ok
20:17:28.0229 4212 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:17:28.0245 4212 intelide - ok
20:17:28.0401 4212 [ 6CBFC48E5C663EA8493AE3E75A6BF511 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
20:17:28.0494 4212 intelkmd - ok
20:17:28.0525 4212 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:17:28.0557 4212 intelppm - ok
20:17:28.0572 4212 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:17:28.0619 4212 IPBusEnum - ok
20:17:28.0635 4212 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:17:28.0681 4212 IpFilterDriver - ok
20:17:28.0681 4212 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:17:28.0728 4212 iphlpsvc - ok
20:17:28.0744 4212 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:17:28.0775 4212 IPMIDRV - ok
20:17:28.0775 4212 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:17:28.0822 4212 IPNAT - ok
20:17:28.0869 4212 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:17:28.0915 4212 iPod Service - ok
20:17:28.0931 4212 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:17:28.0947 4212 IRENUM - ok
20:17:28.0962 4212 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
20:17:28.0978 4212 isapnp - ok
20:17:29.0009 4212 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:17:29.0025 4212 iScsiPrt - ok
20:17:29.0056 4212 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:17:29.0071 4212 kbdclass - ok
20:17:29.0087 4212 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:17:29.0103 4212 kbdhid - ok
20:17:29.0134 4212 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
20:17:29.0149 4212 KeyIso - ok
20:17:29.0181 4212 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:17:29.0196 4212 KSecDD - ok
20:17:29.0212 4212 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:17:29.0212 4212 KSecPkg - ok
20:17:29.0227 4212 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:17:29.0274 4212 ksthunk - ok
20:17:29.0305 4212 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:17:29.0352 4212 KtmRm - ok
20:17:29.0383 4212 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:17:29.0415 4212 LanmanServer - ok
20:17:29.0430 4212 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:17:29.0477 4212 LanmanWorkstation - ok
20:17:29.0508 4212 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:17:29.0508 4212 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:17:29.0508 4212 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:17:29.0524 4212 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:17:29.0586 4212 lltdio - ok
20:17:29.0602 4212 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:17:29.0649 4212 lltdsvc - ok
20:17:29.0680 4212 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:17:29.0711 4212 lmhosts - ok
20:17:29.0773 4212 [ 6D515466AB8BFE61184092B635AE6EB4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:17:29.0805 4212 LMS - ok
20:17:29.0820 4212 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:17:29.0836 4212 LSI_FC - ok
20:17:29.0851 4212 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:17:29.0867 4212 LSI_SAS - ok
20:17:29.0898 4212 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:17:29.0914 4212 LSI_SAS2 - ok
20:17:29.0929 4212 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:17:29.0929 4212 LSI_SCSI - ok
20:17:29.0945 4212 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:17:30.0007 4212 luafv - ok
20:17:30.0070 4212 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:17:30.0085 4212 MBAMProtector - ok
20:17:30.0117 4212 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:17:30.0148 4212 MBAMService - ok
20:17:30.0163 4212 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:17:30.0179 4212 Mcx2Svc - ok
20:17:30.0195 4212 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:17:30.0210 4212 megasas - ok
20:17:30.0241 4212 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:17:30.0257 4212 MegaSR - ok
20:17:30.0273 4212 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:17:30.0319 4212 MMCSS - ok
20:17:30.0335 4212 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:17:30.0382 4212 Modem - ok
20:17:30.0397 4212 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:17:30.0429 4212 monitor - ok
20:17:30.0429 4212 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:17:30.0444 4212 mouclass - ok
20:17:30.0460 4212 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:17:30.0475 4212 mouhid - ok
20:17:30.0491 4212 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:17:30.0507 4212 mountmgr - ok
20:17:30.0507 4212 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:17:30.0522 4212 mpio - ok
20:17:30.0538 4212 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:17:30.0585 4212 mpsdrv - ok
20:17:30.0600 4212 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:17:30.0647 4212 MpsSvc - ok
20:17:30.0678 4212 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:17:30.0694 4212 MRxDAV - ok
20:17:30.0725 4212 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:17:30.0772 4212 mrxsmb - ok
20:17:30.0803 4212 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:17:30.0850 4212 mrxsmb10 - ok
20:17:30.0865 4212 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:17:30.0897 4212 mrxsmb20 - ok
20:17:30.0912 4212 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:17:30.0943 4212 msahci - ok
20:17:30.0959 4212 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
20:17:30.0975 4212 msdsm - ok
20:17:30.0990 4212 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:17:31.0021 4212 MSDTC - ok
20:17:31.0053 4212 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:17:31.0084 4212 Msfs - ok
20:17:31.0099 4212 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:17:31.0146 4212 mshidkmdf - ok
20:17:31.0146 4212 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
20:17:31.0162 4212 msisadrv - ok
20:17:31.0177 4212 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:17:31.0224 4212 MSiSCSI - ok
20:17:31.0224 4212 msiserver - ok
20:17:31.0224 4212 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:17:31.0271 4212 MSKSSRV - ok
20:17:31.0287 4212 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:17:31.0333 4212 MSPCLOCK - ok
20:17:31.0349 4212 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:17:31.0396 4212 MSPQM - ok
20:17:31.0427 4212 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:17:31.0443 4212 MsRPC - ok
20:17:31.0443 4212 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:17:31.0458 4212 mssmbios - ok
20:17:31.0458 4212 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:17:31.0489 4212 MSTEE - ok
20:17:31.0521 4212 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:17:31.0521 4212 MTConfig - ok
20:17:31.0536 4212 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:17:31.0536 4212 Mup - ok
20:17:31.0567 4212 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
20:17:31.0630 4212 napagent - ok
20:17:31.0645 4212 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:17:31.0692 4212 NativeWifiP - ok
20:17:31.0708 4212 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:17:31.0739 4212 NDIS - ok
20:17:31.0755 4212 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:17:31.0786 4212 NdisCap - ok
20:17:31.0786 4212 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:17:31.0833 4212 NdisTapi - ok
20:17:31.0848 4212 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:17:31.0879 4212 Ndisuio - ok
20:17:31.0895 4212 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:17:31.0942 4212 NdisWan - ok
20:17:31.0942 4212 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:17:32.0004 4212 NDProxy - ok
20:17:32.0004 4212 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:17:44.0438 4212 ================ Scan global ===============================
20:17:44.0453 4212 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:17:44.0500 4212 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:17:44.0516 4212 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:17:44.0547 4212 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:17:44.0562 4212 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:17:44.0578 4212 [Global] - ok
20:17:44.0578 4212 ================ Scan MBR ==================================
20:17:44.0594 4212 [ 58414DEC5E3EB1A96FCCA98C1CE742E4 ] \Device\Harddisk0\DR0
20:17:44.0937 4212 \Device\Harddisk0\DR0 - ok
20:17:44.0937 4212 ================ Scan VBR ==================================
20:17:44.0937 4212 [ 91CE6409BDB0FD9368F991958E5A47B8 ] \Device\Harddisk0\DR0\Partition1
20:17:44.0937 4212 \Device\Harddisk0\DR0\Partition1 - ok
20:17:44.0968 4212 [ D494E084AB43E91C7CB2D07B05CD7958 ] \Device\Harddisk0\DR0\Partition2
20:17:44.0984 4212 \Device\Harddisk0\DR0\Partition2 - ok
20:17:45.0015 4212 [ B95FDDC6BA88166679BBA7158E941C29 ] \Device\Harddisk0\DR0\Partition3
20:17:45.0015 4212 \Device\Harddisk0\DR0\Partition3 - ok
20:17:45.0030 4212 [ 68A3E4EF29E43B9B00EAFE6F235E5708 ] \Device\Harddisk0\DR0\Partition4
20:17:45.0030 4212 \Device\Harddisk0\DR0\Partition4 - ok
20:17:45.0030 4212 ============================================================
20:17:45.0030 4212 Scan finished
20:17:45.0030 4212 ============================================================
20:17:45.0046 2952 Detected object count: 2
20:17:45.0046 2952 Actual detected object count: 2
20:18:22.0363 2952 HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0363 2952 HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:22.0363 2952 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:22.0363 2952 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:19:16.0230 5596 Deinitialize success


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/08/2012 21:02:22

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2012 20:23:00
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/08/2012 18:09:58
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/08/2012 15:18:21
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/08/2012 15:36:06
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/08/2012 14:21:36
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/08/2012 18:56:35
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/08/2012 14:31:53
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/08/2012 18:00:39
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/08/2012 06:17:45
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/08/2012 21:46:43
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/08/2012 18:08:26
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 31/07/2012 22:39:04
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/07/2012 08:27:10
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/08/2012 18:54:05
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 30/08/2012 18:47:02
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 30/08/2012 18:42:13
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 30/08/2012 17:27:35
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

Log: 'System' Date/Time: 30/08/2012 17:27:19
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: discache DVMIO spldr Wanarpv6

Log: 'System' Date/Time: 30/08/2012 17:27:16
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 30/08/2012 17:18:00
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

Log: 'System' Date/Time: 30/08/2012 17:18:00
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 30/08/2012 17:18:00
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 30/08/2012 17:17:58
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 30/08/2012 17:17:50
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 30/08/2012 17:17:44
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: discache DVMIO spldr Wanarpv6

Log: 'System' Date/Time: 30/08/2012 17:17:42
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 30/08/2012 17:13:22
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

Log: 'System' Date/Time: 30/08/2012 17:13:23
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 30/08/2012 17:13:23
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 30/08/2012 17:13:22
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 30/08/2012 17:13:15
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 30/08/2012 17:13:06
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: discache DVMIO spldr Wanarpv6

Log: 'System' Date/Time: 30/08/2012 17:13:03
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/08/2012 19:41:00
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/08/2012 19:41:00
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 30/08/2012 19:21:36
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/08/2012 19:21:36
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 30/08/2012 18:21:23
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pixel.quantserve.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 18:21:22
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name imgcdn.geekstogo.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 18:21:20
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name p5-fytzwfirqa7qi-u2py5vptwxy7qpbx-679272-i1-v6exp3-ds.metric.gstatic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 18:21:14
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name p5-fytzwfirqa7qi-u2py5vptwxy7qpbx-679272-i2-v6exp3-v4.metric.gstatic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 18:20:20
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name p5-dyfbgbdcjid2g-g4eb5hfpnn6kt6rn-928745-i2-v6exp3-ds.metric.gstatic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 18:20:12
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name tag.admeld.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 17:30:43
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 17:29:56
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/08/2012 17:29:25
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 30/08/2012 17:28:23
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/08/2012 17:27:19
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 30/08/2012 17:26:11
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/08/2012 17:17:45
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 30/08/2012 17:16:27
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/08/2012 17:13:06
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 29/08/2012 22:42:06
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.08

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
darjas :: HP [administrator]

Protection: Disabled

29/08/2012 19:51:46
mbam-log-2012-08-29 (19-51-46).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 574315
Time elapsed: 1 hour(s), 33 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\darjas\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\darjas\AppData\Local\Temp\install_0_msi.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\darjas\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\darjas\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)



OTL logfile created on: 8/30/2012 9:06:18 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\darjas\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 57.35% Memory free
7.60 Gb Paging File | 5.59 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.99 Gb Total Space | 378.90 Gb Free Space | 85.34% Space Free | Partition Type: NTFS
Drive D: | 21.47 Gb Total Space | 3.13 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 90.25 Mb Free Space | 91.14% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: darjas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 23:05:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\darjas\Desktop\OTL (1).exe
PRC - [2012/08/24 15:22:17 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/08/04 01:23:33 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/24 17:37:58 | 000,076,584 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
PRC - [2010/02/09 00:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/01/25 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 13:03:37 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/08/24 15:22:16 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/24 15:22:16 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/24 15:22:16 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/24 15:22:16 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/24 15:22:16 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/06/14 21:21:18 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012/06/14 21:20:40 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012/05/14 20:00:30 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012/05/10 16:46:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 16:45:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 16:45:47 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/10 16:44:49 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/10 16:44:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/10 16:44:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/10 16:44:32 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 16:44:10 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/28 01:06:00 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/01/28 01:06:00 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/01/28 01:05:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/01/28 01:05:58 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/01/28 01:05:58 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/01/28 01:05:56 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/01/28 01:05:56 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/01/28 01:05:52 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/22 18:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/22 18:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/22 18:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 22:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/03/20 16:37:40 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/20 16:37:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/01/22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/18 23:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2010/01/06 09:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/12/30 20:22:12 | 000,444,680 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2009/12/29 22:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/16 22:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2012/08/24 15:22:17 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/05/01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/24 17:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/09 00:48:24 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/06 08:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/20 16:37:41 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/10 00:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/30 04:30:10 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 17:08:28 | 008,034,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/01/22 17:08:28 | 008,034,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/11 23:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/28 02:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{F2A368A9-2DE8-4206-B5F5-B39E310AFD1F}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{F2A368A9-2DE8-4206-B5F5-B39E310AFD1F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\FantastiGames\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\darjas\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\darjas\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/06/08 10:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2012/06/16 21:39:16 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\darjas\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\darjas\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\darjas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\darjas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\darjas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/30 19:53:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (HP SimplePass Identity Protection Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1731402E-4112-40EA-8168-FA80DAA42FAB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C00623A-E68A-48C5-810A-695DCD7152A7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 20:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/30 20:26:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/30 20:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/30 20:24:37 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\darjas\Desktop\mbam-setup-1.62.0.1300 (1).exe
[2012/08/30 20:23:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/30 20:14:29 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\darjas\Desktop\tdsskiller.exe
[2012/08/30 19:51:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/30 19:32:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/30 19:32:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/30 19:32:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/30 19:19:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/30 19:19:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/30 19:13:45 | 000,000,000 | ---D | C] -- C:\Users\darjas\Desktop\Combofix by sUBs - Geeks to Go Forums_files
[2012/08/30 19:12:31 | 004,742,169 | R--- | C] (Swearware) -- C:\Users\darjas\Desktop\ComboFix.exe
[2012/08/30 19:07:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\darjas\Desktop\aswMBR (2).exe
[2012/08/30 19:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/08/30 19:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/30 19:02:06 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/08/30 19:02:06 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/30 19:02:06 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/08/30 19:02:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/08/30 19:02:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/08/30 19:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/08/30 18:25:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/29 23:05:41 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\darjas\Desktop\OTL (1).exe
[2012/08/29 22:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/29 22:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/29 22:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/29 19:51:04 | 000,000,000 | ---D | C] -- C:\Users\darjas\AppData\Roaming\Malwarebytes
[2012/08/29 19:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/26 13:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/08/26 13:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/08/19 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\darjas\Documents\UK Truck Simulator
[2012/08/19 19:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK Truck Simulator
[2012/08/19 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UK Truck Simulator
[2012/08/15 18:29:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 18:29:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 18:29:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 18:29:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 18:29:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 18:29:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 18:29:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 18:29:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 18:29:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 18:29:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 18:29:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 18:29:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 18:29:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 07:31:49 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 07:31:44 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 07:31:44 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 07:31:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 07:31:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 07:31:17 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 07:31:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 07:31:15 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 07:17:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/02 18:52:56 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe

========== Files - Modified Within 30 Days ==========

[2012/08/30 21:00:52 | 000,061,440 | ---- | M] ( ) -- C:\Users\darjas\Desktop\VEW.exe
[2012/08/30 20:49:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/30 20:49:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/30 20:49:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-76527413-3281448900-1387326364-1000UA.job
[2012/08/30 20:41:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/30 20:41:42 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/30 20:26:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/30 20:24:45 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\darjas\Desktop\mbam-setup-1.62.0.1300 (1).exe
[2012/08/30 20:14:31 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\darjas\Desktop\tdsskiller.exe
[2012/08/30 19:53:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/30 19:18:50 | 004,742,169 | R--- | M] (Swearware) -- C:\Users\darjas\Desktop\ComboFix.exe
[2012/08/30 19:14:24 | 000,089,843 | ---- | M] () -- C:\Users\darjas\Desktop\download.htm
[2012/08/30 19:13:45 | 000,112,526 | ---- | M] () -- C:\Users\darjas\Desktop\Combofix by sUBs - Geeks to Go Forums.htm
[2012/08/30 19:08:55 | 000,000,512 | ---- | M] () -- C:\Users\darjas\Desktop\MBR.dat
[2012/08/30 19:07:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\darjas\Desktop\aswMBR (2).exe
[2012/08/30 19:01:58 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/08/30 19:01:58 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/30 19:01:58 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/08/30 19:01:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/08/30 19:01:58 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/08/29 23:05:35 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\darjas\Desktop\OTL (1).exe
[2012/08/29 22:49:26 | 000,001,282 | ---- | M] () -- C:\Users\darjas\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/29 22:49:26 | 000,001,258 | ---- | M] () -- C:\Users\darjas\Desktop\Spybot - Search & Destroy.lnk
[2012/08/26 15:19:59 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordarjas.job
[2012/08/26 13:03:44 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/25 23:49:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-76527413-3281448900-1387326364-1000Core.job
[2012/08/22 16:50:27 | 000,002,416 | ---- | M] () -- C:\Users\darjas\Desktop\Google Chrome.lnk
[2012/08/20 16:06:02 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\UK Truck Simulator.lnk
[2012/08/15 22:02:33 | 000,285,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 07:17:50 | 343,293,596 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/08/30 21:00:51 | 000,061,440 | ---- | C] ( ) -- C:\Users\darjas\Desktop\VEW.exe
[2012/08/30 20:26:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/30 19:32:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/30 19:32:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/30 19:32:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/30 19:32:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/30 19:32:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/30 19:14:28 | 000,089,843 | ---- | C] () -- C:\Users\darjas\Desktop\download.htm
[2012/08/30 19:13:43 | 000,112,526 | ---- | C] () -- C:\Users\darjas\Desktop\Combofix by sUBs - Geeks to Go Forums.htm
[2012/08/30 19:08:55 | 000,000,512 | ---- | C] () -- C:\Users\darjas\Desktop\MBR.dat
[2012/08/29 22:49:26 | 000,001,282 | ---- | C] () -- C:\Users\darjas\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/29 22:49:26 | 000,001,258 | ---- | C] () -- C:\Users\darjas\Desktop\Spybot - Search & Destroy.lnk
[2012/08/26 13:03:44 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/20 16:06:02 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\UK Truck Simulator.lnk
[2012/08/15 07:17:50 | 343,293,596 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/14 23:24:55 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/29 14:48:49 | 000,001,854 | ---- | C] () -- C:\Users\darjas\AppData\Roaming\GhostObjGAFix.xml
[2010/12/25 17:44:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9500420AS
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 444.00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 21.00GB
Starting Offset: 476942696448
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 499998785536
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/03/25 19:10:23 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Adobe
[2012/05/16 18:46:37 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Apple Computer
[2010/12/25 10:55:05 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\ATI
[2012/05/28 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\CyberLink
[2010/12/25 10:45:39 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\DigitalPersona
[2011/04/18 18:35:51 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Epson
[2011/02/24 22:30:49 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Hewlett-Packard
[2011/02/06 15:28:06 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\HP Support Assistant
[2011/02/13 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\hpqlog
[2011/02/06 15:28:06 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\HpUpdate
[2010/12/25 10:53:41 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Identities
[2011/03/29 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\InstallShield
[2010/12/25 16:09:01 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Macromedia
[2012/08/29 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Malwarebytes
[2010/06/08 10:33:08 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Media Center Programs
[2012/06/15 20:52:34 | 000,000,000 | --SD | M] -- C:\Users\darjas\AppData\Roaming\Microsoft
[2012/08/30 20:42:50 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Skype
[2012/07/02 18:16:09 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\SoftGrid Client
[2012/06/15 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\TP
[2010/12/25 11:35:23 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\WildTangent
[2011/03/22 23:37:32 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\Windows Live Writer
[2012/01/31 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\darjas\AppData\Roaming\_MDLogs

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/05/18 15:43:08 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/05/18 15:40:30 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/05/18 15:43:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/05/18 15:40:30 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/05/18 15:43:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/05/18 15:40:30 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/05/18 15:43:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/05/18 15:40:30 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\erdnt\cache86\mswsock.dll
[2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\SysWOW64\mswsock.dll
[2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 14:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 13:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/14 02:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\erdnt\cache64\mswsock.dll
[2009/07/14 02:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\SysNative\mswsock.dll
[2009/07/14 02:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/14 02:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/14 02:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\SysWOW64\nlaapi.dll
[2009/07/14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2010/11/20 13:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 14:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2009/07/14 02:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\SysNative\nlaapi.dll
[2009/07/14 02:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/14 02:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/14 02:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 02:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/14 02:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/05/18 15:43:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/05/18 15:43:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/05/18 15:43:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/05/18 15:43:08 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 02:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/14 02:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\darjas\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\darjas\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\darjas\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\darjas\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/21 18:03:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/21 18:03:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/21 18:03:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\DARJAS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\DARJAS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\DARJAS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\DARJAS\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/21 18:03:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/21 18:03:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/21 18:03:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >



OTL Extras logfile created on: 8/30/2012 9:06:18 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\darjas\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 57.35% Memory free
7.60 Gb Paging File | 5.59 Gb Available in Paging File | 73.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.99 Gb Total Space | 378.90 Gb Free Space | 85.34% Space Free | Partition Type: NTFS
Drive D: | 21.47 Gb Total Space | 3.13 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 90.25 Mb Free Space | 91.14% Space Free | Partition Type: FAT32

Computer Name: HP | User Name: darjas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\darjas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17FD1702-0B02-4678-AFD6-52B1A38B7B89}" = lport=2869 | protocol=6 | dir=in | app=system |
"{327C30F9-7903-4775-8679-3EAC149EDD1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3E76F8-BDE7-467C-AD35-21613EA18644}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0FF2BBED-7482-46F5-BAFE-F75E2A45D879}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{18CFD0C0-1A45-4C46-AB46-DB60C4CE3784}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{1D5F7D7B-6095-4B6A-A6D4-016085229A75}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{241A4F37-29FA-46F7-BA09-025843D30945}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{2D896954-DBC1-4811-8707-425CF0D80D31}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{38825681-6A36-4C1D-BF13-F5D05153BBAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{4104D0CF-0221-4F15-8887-41D72514CEE1}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{4B5AF9B6-901F-44DF-88A9-F0380FCBF9E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qp.exe |
"{4C065E6B-8A1F-4DFB-A9D7-F6203E616065}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{51B12446-8C7F-401D-8510-26F01BDBFC99}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{55CC095A-44C6-4914-9252-EBE0D19D2E0F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{594B18B5-380A-4E2D-A7EA-0C2A4D284713}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{768B5163-CC34-4D3D-8FCE-44B7682B85AA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{7841A1C2-BDDC-4466-AB60-28D7B8AF331C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{7D1BCC52-C8D1-443C-93AE-49E39C5EA24E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9726FFD6-949B-449C-A408-02D5F5D61CA3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
"{9BC18D91-9C4B-4FB0-BF99-FA3D2A9021F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F179D81-DAEA-49DF-91F5-31F620CC8BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{9F82CCF3-21B4-4941-8B05-E6A673067C8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BCFA5FAA-6B5B-4241-A195-5B5D7F5DA981}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BDAB037D-7C7A-4B62-8918-E8F39A77749A}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{C4F7CAFE-DC78-42CF-86B1-FBDB489B5CC0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CE3DBA52-4BD5-444D-966F-2A86AFCBE993}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC3B8747-3B02-481A-9C54-3790F94B9D58}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DE73389F-4CA0-405F-9A69-B21C85461F93}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qpservice.exe |
"{E02A1829-9029-4F16-960D-022F2A71E1AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{E133CB7A-0616-4F36-B3F3-EE070360C733}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{ED4167A2-2591-479A-916E-3B7FB5BBDF4C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{FF6752E4-C6BD-478B-B2AD-475477E6D7E9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{F392F537-2796-46C4-8139-A68106D88FD2}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{FA12771F-622F-4A1D-A539-31CA7A45731C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EC72C7A8-377D-2A55-C6DD-7F78D8FDA75A}" = ccc-utility64
"{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}" = Validity Sensors DDK
"{F20DF0CA-5929-4C26-A501-FDB19FDF0A50}" = HP SimplePass Identity Protection
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F72FC7C5-5D2F-41EC-11DE-FD9F5F6D415A}" = ATI Catalyst Install Manager
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{08C94F9D-EB51-D748-E299-E347A2C14A81}" = PX Profile Update
"{0CD13A6E-02F9-F579-098C-85C97FEFFC50}" = Catalyst Control Center Graphics Full Existing
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{16EB4BD9-9F50-173A-ACE7-F79018319EC9}" = CCC Help Chinese Standard
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{188E3023-961F-2760-3A2B-A8226B9FC7BD}" = Catalyst Control Center Graphics Previews Common
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}" = HP User Guides 0176
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java™ 6 Update 34
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = FantastiGames
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{321DC370-3241-F037-05C4-5A675526BDD9}" = CCC Help Czech
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36069430-7A6F-72E6-EF30-CA411132DB56}" = Catalyst Control Center Graphics Light
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{43969854-00A9-264C-B75D-C0C6198DE080}" = CCC Help Turkish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{590A2658-60DD-35A8-1039-73DF201ADDAE}" = CCC Help Japanese
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64697847-F052-3DD7-545A-D738D98EDCB8}" = CCC Help French
"{64F7810B-1007-D5AC-5329-9ED3B58D280A}" = CCC Help Portuguese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{655E1AAC-FD77-AC36-8864-5084D321708F}" = CCC Help Thai
"{6ACF87EE-0C55-43DB-8861-84EC53EF3841}" = Catalyst Control Center Graphics Previews Vista
"{6BE14C99-7BA6-9BAF-556B-0EF9620326DB}" = CCC Help Italian
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B23F3F-FEE2-F533-92BA-900EC9D17FF1}" = CCC Help Spanish
"{7F4BC97F-4203-8544-F472-0A04B7694FE3}" = Catalyst Control Center Localization All
"{80DD44E8-3624-AAF2-9605-CE06299DC44E}" = CCC Help Finnish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{845B064A-E1E3-9427-9724-983C06BF3D54}" = CCC Help Danish
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0D6DC7-5B6D-3FA5-9634-17393849CD07}" = CCC Help Korean
"{8C69826D-0EEE-5786-7D26-30D238758174}" = CCC Help Chinese Traditional
"{8F0D054F-BE75-8AE7-33F0-B66A7A5732DC}" = CCC Help Dutch
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A05F9E5-B7CF-FAA4-27BF-1AB02B810C17}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABB092F-47B1-A5FE-A565-5F0B02E0370F}" = CCC Help German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{B9F4E4D8-19E3-12F7-ED3C-BD44D201B780}" = CCC Help Norwegian
"{BB553EAD-4EEC-C92E-41E3-64BFF5114635}" = CCC Help Greek
"{BDDDF6F6-7EC9-5921-98BA-83E5D727846E}" = CCC Help English
"{C1A0D5F7-02F3-4D95-872A-0E56CF968DC6}" = Catalyst Control Center - Branding
"{C371EF5D-ADA8-568F-2157-A61D266BE5E3}" = CCC Help Polish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBC09103-563D-87E6-FADA-BEDF944615D7}" = CCC Help Swedish
"{CC7553CB-AB4E-5BCA-DC44-54D823B83E60}" = Catalyst Control Center InstallProxy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D89272DE-CF29-8D5C-B01A-410F06E2E903}" = ccc-core-static
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EA407008-B75B-B657-0B1C-7D3394783D2A}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FBAFC032-87CF-7E5C-827D-E3BF924B1770}" = Catalyst Control Center Graphics Full New
"{FCCAFC12-0033-C4AA-A322-D086EAC3BE80}" = CCC Help Russian
"{FEC7B56F-A010-4866-809E-F5082CF5BB8C}" = HP ENVY Document Card Utilities
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bus Driver" = Bus Driver
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series Manual" = EPSON SX218 Series Manual
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Searchqu Toolbar" = Searchqu Toolbar
"Steam App 24010" = Train Simulator 2012
"Steam App 39800" = Nation Red
"Trucks & Trailers" = Trucks & Trailers 1.00
"UK Truck Simulator" = UK Truck Simulator 1.02
"Veetle TV" = Veetle TV
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082439" = Bus Driver
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082463" = Zuma's Revenge
"WT083484" = Escape Rosecliff Island
"WT083492" = Agatha Christie - Death on the Nile
"WTA-7238312e-b737-45d8-8ea9-5adc6c91aacf" = Airport Mania
"WTA-9d8058ae-3885-4c4f-91db-a96904839e4f" = Big City Adventure - Sydney

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 4/3/2011 10:12:17 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041103031215.xml
File not created by asset agent

Error - 7/29/2011 9:48:49 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071129024841.xml
File not created by asset agent

Error - 8/29/2011 1:52:44 PM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081129065242.xml
File not created by asset agent

Error - 9/11/2011 10:27:24 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091111032722.xml
File not created by asset agent

Error - 10/23/2011 9:42:49 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101123024247.xml
File not created by asset agent

Error - 1/15/2012 6:32:01 AM | Computer Name = hp | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011215103157.xml
File not created by asset agent

Error - 8/28/2012 2:35:49 PM | Computer Name = hp | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 8/28/2012 2:35:59 PM | Computer Name = hp | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 40 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 8/29/2012 5:42:36 PM | Computer Name = hp | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 40 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ HP Wireless Assistant Events ]
Error - 8/6/2012 6:28:51 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 10:28:38 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 11:14:38 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/6/2012 6:38:59 PM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 4:02:54 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 8:52:04 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 9:53:37 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 11:42:25 AM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 1:17:35 PM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/7/2012 3:32:14 PM | Computer Name = hp | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ System Events ]
Error - 8/30/2012 1:17:58 PM | Computer Name = hp | Source = DCOM | ID = 10005
Description =

Error - 8/30/2012 1:18:00 PM | Computer Name = hp | Source = DCOM | ID = 10005
Description =

Error - 8/30/2012 1:18:00 PM | Computer Name = hp | Source = DCOM | ID = 10005
Description =

Error - 8/30/2012 1:18:00 PM | Computer Name = hp | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll
Error
Code: 21

Error - 8/30/2012 1:27:16 PM | Computer Name = hp | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1068

Error - 8/30/2012 1:27:19 PM | Computer Name = hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache DVMIO spldr Wanarpv6

Error - 8/30/2012 1:27:35 PM | Computer Name = hp | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll
Error
Code: 21

Error - 8/30/2012 2:42:13 PM | Computer Name = hp | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/30/2012 2:47:02 PM | Computer Name = hp | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/30/2012 2:54:05 PM | Computer Name = hp | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#6
RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Logs look pretty clean. Let's clean the temp files since some of the infection appears to live there.
We used to clean the temp files routinely but there is a virus now that removes all of the shortcuts from Start, All Programs and hides them there so we wait until we are sure that everything is OK.

Warning: do not clear the temp files if you are missing the start menu links!

Download TFC by OldTimer from http://oldtimer.geekstogo.com/TFC.exe to your desktop.

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Some variations on the malware actually encrypt all of your documents and pictures so you can't open them any more. Can you verify that this is not the case with yours?

#7
Steviep

    Member

  • Topic Starter
  • Member
  • 311 posts
Hi Ron,

Ran that and all seems well, pictures, documents etc all open fine

#8
Steviep

    Member

  • Topic Starter
  • Member
  • 311 posts
sorry duplicate post

Edited by Steviep, 30 August 2012 - 04:07 PM.


#9
RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
OK. I think it's clean. If you have the time you can run the free online scan from ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

It may find files in C:\_OTL\ or C:\qoobox but these have already been removed so nothing to worry about.

#10
Steviep

    Member

  • Topic Starter
  • Member
  • 311 posts
Hi Ron, here is the log:


[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b2e576dd68a36448d496c947f2fca83
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-30 11:22:27
# local_time=2012-08-31 12:22:27 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 4388 4388 0 0
# compatibility_mode=5893 16776574 100 94 2698 98830207 0 0
# compatibility_mode=8192 67108863 100 0 178 178 0 0
# scanned=170276
# found=0
# cleaned=0
# scan_time=3789
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b2e576dd68a36448d496c947f2fca83
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 01:15:51
# local_time=2012-08-31 02:15:51 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 8283 8283 0 0
# compatibility_mode=5893 16776574 100 94 6593 98834102 0 0
# compatibility_mode=8192 67108863 100 0 4073 4073 0 0
# scanned=327739
# found=4
# cleaned=4
# scan_time=6698
C:\_OTL\MovedFiles\08302012_182549\C_Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08302012_182549\C_Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08302012_182549\C_Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08302012_182549\C_Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b2e576dd68a36448d496c947f2fca83
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-01 12:00:14
# local_time=2012-09-01 01:00:14 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 95198 95198 0 0
# compatibility_mode=5893 16776574 100 94 93508 98921017 0 0
# compatibility_mode=8192 67108863 100 0 90988 90988 0 0
# scanned=48043
# found=0
# cleaned=0
# scan_time=1647
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b2e576dd68a36448d496c947f2fca83
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-01 12:29:42
# local_time=2012-09-01 01:29:42 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 128937 128937 0 0
# compatibility_mode=5893 16776574 100 94 127247 98954756 0 0
# compatibility_mode=8192 67108863 100 0 124727 124727 0 0
# scanned=329550
# found=0
# cleaned=0
# scan_time=12875
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b2e576dd68a36448d496c947f2fca83
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-01 08:50:41
# local_time=2012-09-01 09:50:41 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 159181 159181 0 0
# compatibility_mode=5893 16776574 100 94 157491 98985000 0 0
# compatibility_mode=8192 67108863 100 0 154971 154971 0 0
# scanned=329560
# found=0
# cleaned=0
# scan_time=12691
  • 0
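The earlier note that ESET may flag files under C:\_OTL\ or C:\qoobox can be checked mechanically against a log like the one posted above. This is an added example, not part of the thread and not ESET's or OldTimer's code: it splits the log into scan runs, marks runs that did not finish, and separates detections inside those tool folders from detections anywhere else. The sample log is constructed from the format shown in the post, and the path under C:\Users\example is made up.

```python
import re
from dataclasses import dataclass, field

# Folders named in the thread where OTL and ComboFix keep files they have
# already moved off the live system. Compared case-insensitively.
TOOL_FOLDERS = ("c:\\_otl\\", "c:\\qoobox\\")

HEADER = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
# Layout: <path> <detection name> (<action taken>) <hash> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:(?:probably )?a variant of )?\S+/\S+(?: \w+)?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]+)\s+(?P<flag>\w)$"
)

# Constructed sample: two runs modelled on the posted log. The second
# detection path is hypothetical and stands for a file on the live system.
SAMPLE_LOG = r"""
# version=7
# end=stopped
# scanned=170276
# found=0
# cleaned=0
# scan_time=3789
# version=7
# end=finished
# scanned=327739
# found=2
# cleaned=2
# scan_time=6698
C:\_OTL\MovedFiles\08302012_182549\C_Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\example\Downloads\toolbar_setup.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""


@dataclass
class Run:
    fields: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_runs(text):
    """Split a log into scan runs; a '# version=' line opens each run."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            if header["key"] == "version":
                runs.append(Run())
            if runs:
                # compatibility_mode repeats; keep the first value per key
                runs[-1].fields.setdefault(header["key"], header["value"])
            continue
        hit = DETECTION.match(line)
        if hit and runs:
            runs[-1].detections.append(hit.groupdict())
    return runs


def triage(run):
    """Summarise one run for a helper deciding whether more work is needed."""
    f = run.fields
    found, cleaned = int(f.get("found", 0)), int(f.get("cleaned", 0))
    tool, live = [], []
    for det in run.detections:
        in_tool = det["path"].lower().startswith(TOOL_FOLDERS)
        (tool if in_tool else live).append(det["path"])
    return {
        # found=0 from a run that was stopped says nothing about a clean system
        "complete": f.get("end") == "finished",
        # a mismatch means the pasted log was truncated or edited
        "lines_match_found": found == len(run.detections),
        "uncleaned": found - cleaned,
        "tool_folder": tool,   # leftovers already moved by the removal tools
        "live": live,          # detections on the live file system
    }


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(number, triage(run))
```
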

#11
RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Looks good. I think we got all of it. We can clean up now:

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently actually makes things worse.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

#12
Steviep

    Member

  • Topic Starter
  • Member
  • 311 posts
Many thanks for your help Ron