Just a few points that came up during all the scans and logs.
1. I ran Combofix using the 'Run as Administrator' option; however, when Combofix was running I did get a Warning window saying:
"Combofix is attempting to run. Access denied. Administrator privileges are needed to use the selected options. Use an administrator command to prompt to complete these tasks. Attempting to create a new system restore point".
The scan still seemed to run ok, but there were a few Stages where it mentioned access had been denied.
2. When running TDSSkiller, I got an Error window 'Can't load driver', but just clicked OK, and it proceeded to run.
3. Every time Windows loads now, it boots in Test mode 'Build 6002: Service Pack 2' with a blue screen. And Test mode is shown in the 4 corners of my screen. Is this normal?
Here are the following logs:
ComboFix 12-08-31.08 - Administrator 02/09/2012 2:41.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.10230.8502 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL458.tmp
c:\users\Administrator\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
c:\users\Administrator\g2mdlhlpx.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 01:51 . 2012-09-02 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 01:51 . 2012-09-02 01:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-01 21:51 . 2012-09-01 21:51 -------- d-----w- C:\_OTL
2012-08-30 10:37 . 2012-08-30 23:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-30 10:37 . 2012-08-30 10:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-30 07:43 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-30 07:43 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-30 07:43 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-30 07:43 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-30 07:43 . 2012-08-21 09:13 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-30 07:43 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-30 07:43 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-30 07:42 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-30 07:42 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-30 07:42 . 2012-08-30 07:42 -------- d-----w- c:\programdata\AVAST Software
2012-08-30 07:42 . 2012-08-30 07:42 -------- d-----w- c:\program files\AVAST Software
2012-08-30 07:26 . 2012-08-30 07:28 -------- d-----w- C:\c2a434b5512df75af25a19
2012-08-29 16:59 . 2012-08-29 16:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-29 16:58 . 2012-08-29 16:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-29 16:58 . 2012-08-29 16:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-29 16:56 . 2012-08-31 17:26 -------- d-----w- c:\program files (x86)\Citrix
2012-08-28 21:26 . 2012-08-28 21:26 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 13:29 . 2012-08-27 13:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\PDAppFlex
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\programdata\FLEXnet
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\users\Administrator\AppData\Local\Autodesk
2012-08-26 22:55 . 2012-08-26 22:55 -------- d-----w- c:\program files (x86)\Autodesk
2012-08-26 22:53 . 2012-08-26 22:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-26 22:49 . 2012-08-26 22:56 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-08-26 22:49 . 2012-08-26 22:54 -------- d-----w- c:\program files\Autodesk
2012-08-26 22:37 . 2012-08-27 11:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Autodesk
2012-08-26 22:37 . 2012-08-27 11:24 -------- d-----w- c:\programdata\Autodesk
2012-08-26 22:33 . 2012-08-26 22:33 -------- d-----w- C:\Autodesk
2012-08-26 22:30 . 2012-08-27 12:30 -------- d-----w- c:\users\Administrator\.nuke
2012-08-26 22:30 . 2012-08-26 22:30 -------- d-----w- c:\users\Administrator\AppData\Local\cache
2012-08-26 22:28 . 2012-08-26 22:30 -------- d-----w- c:\program files\Nuke6.3v8
2012-08-26 22:28 . 2012-08-26 22:28 -------- d-----w- c:\program files\The Foundry
2012-08-26 22:25 . 2012-08-26 22:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-26 22:24 . 2012-08-26 22:25 -------- d-----w- c:\program files\Adobe
2012-08-26 22:19 . 2012-08-26 22:25 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-26 20:57 . 2012-08-26 20:57 -------- d-----w- c:\users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-26 20:57 . 2012-08-26 20:57 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-08-26 15:44 . 2012-08-29 21:55 -------- d-----w- c:\users\Administrator\AppData\Local\Akamai
2012-08-14 22:28 . 2012-06-28 04:10 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-14 22:28 . 2012-06-28 03:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-14 22:27 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 22:22 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 22:22 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-14 22:22 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 16:57 . 2010-05-28 16:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 08:26 . 2012-08-28 23:48 9310152 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F0D4658-387A-484B-AAFC-BE0ABB45CCF3}\mpengine.dll
2012-08-14 22:24 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-01 23:45 . 2012-03-30 03:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 23:45 . 2011-05-30 23:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 12:46 . 2009-05-28 11:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 17:59 . 2012-07-11 13:00 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 13:00 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 13:00 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 13:00 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 13:00 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 13:00 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-06 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ab4ace225aba4d0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
hsjxrndqv
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-30 09:12]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 19:16]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" [2008-08-20 3858432]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\ADMINI~1\AppData\Local\Temp\005E3B4.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ab4ace225aba4d0]
"ImagePath"="\SystemRoot\System32\Drivers\ab4ace225aba4d0.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="k:\\Games\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"="k:\\Games\\Football Manager 2011"
"ScreenshotsDir"="k:\\Games\\Football Manager 2011"
"SaveDir"="k:\\Games\\Football Manager 2011\\"
"HistoryDir"="k:\\Games\\Football Manager 2011\\FM Genie Scout 11\\History Points"
"LangDB"="k:\\Games\\Football Manager 2011\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="k:\\Games\\Football Manager 2011\\games\\Man U 1st.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f5b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="A5-A2B0-EF5F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000005
"StaffSearchFeatureNum"=dword:00000003
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000006
"CompareFeatureNum"=dword:00000001
"ShortlistFeatureNum"=dword:00000002
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000009
"HintsFeatureNum"=dword:00000001
"GenieReportFeatureNum"=dword:00000004
"TopFormationFeatureNum"=dword:00000001
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
"VersionOf"=dword:0000007b
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Administrator\\Desktop\\Games\\Football Manager 2009\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"="k:\\Games\\Football Manager 2009\\Man Utd 2.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="A5-A2B0-EF5F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:a3,af,f0,dd,54,f9,cb,01
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,29,97,36,1f,74,8f,43,af,b9,0d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,29,97,36,1f,74,8f,43,af,b9,0d,\
.
@Denied: (2) (Administrator)
"Progid"="VLC.vob"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wav"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.webm"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wma"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wmv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xspf"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:53,09,c2,34,e4,f3,53,34,8c,58,1e,e8,9e,89,09,3e,6b,83,15,38,e5,48,35,
24,15,da,a3,b7,45,21,60,3c,a3,37,3a,89,7b,a1,3d,78,90,7e,62,f3,1a,fe,d7,d3,\
"??"=hex:3d,e0,20,17,7e,19,c7,6d,da,21,90,a9,a1,a0,d7,c9
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\SecuROM\License information*]
"datasecu"=hex:68,dd,87,18,a6,81,21,7f,08,66,e2,4e,e4,c7,37,c5,b1,b2,28,81,77,
b5,c1,22,be,d8,8c,28,a6,5f,e1,c9,6f,10,9e,13,fe,91,b9,e3,9e,3b,96,07,7d,41,\
"rkeysecu"=hex:11,37,5f,48,de,df,82,d7,90,ec,35,6f,ef,95,25,1e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C6B80683-42E1-44BB-AB00-01DE6B82A393}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.474.0"
"UniqueId"="000D7EC04B7BD45B"
"ScannerBuild"=dword:000017cd
"ScannerVersionId"=dword:00001214
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
**************************************************************************
.
Completion time: 2012-09-02 03:01:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 02:01
.
Pre-Run: 301,718,245,376 bytes free
Post-Run: 302,293,180,416 bytes free
.
- - End Of File - - F3EB5E04BEB76FF46CBF0EFCCDE21434

03:03:52.0592 3708 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
03:03:52.0740 3708 ============================================================
03:03:52.0740 3708 Current date / time: 2012/09/02 03:03:52.0740
03:03:52.0740 3708 SystemInfo:
03:03:52.0740 3708
03:03:52.0740 3708 OS Version: 6.0.6002 ServicePack: 2.0
03:03:52.0740 3708 Product type: Workstation
03:03:52.0740 3708 ComputerName: 166005-PC
03:03:52.0740 3708 UserName: Administrator
03:03:52.0740 3708 Windows directory: C:\Windows
03:03:52.0740 3708 System windows directory: C:\Windows
03:03:52.0740 3708 Running under WOW64
03:03:52.0740 3708 Processor architecture: Intel x64
03:03:52.0740 3708 Number of processors: 8
03:03:52.0741 3708 Page size: 0x1000
03:03:52.0741 3708 Boot type: Normal boot
03:03:52.0741 3708 ============================================================
03:04:28.0173 3708 !crdlk
03:04:28.0181 3708 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
03:04:28.0188 3708 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
03:04:28.0251 3708 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
03:04:28.0315 3708 ============================================================
03:04:28.0315 3708 \Device\Harddisk0\DR0:
03:04:28.0315 3708 GPT partitions:
03:04:28.0315 3708 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F2870E7D-C4AB-469F-B229-E3168E3D4DC9}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
03:04:28.0315 3708 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {96219D75-2C08-41D1-8C5C-4CB2B9F9EAA8}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
03:04:28.0316 3708 MBR partitions:
03:04:28.0316 3708 \Device\Harddisk1\DR1:
03:04:28.0316 3708 GPT partitions:
03:04:28.0317 3708 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {68E16B53-9BF2-4AB9-86A7-020EFF1A9870}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
03:04:28.0317 3708 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {520ED50F-1A17-47B4-B359-7C3FDCB59CBD}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
03:04:28.0317 3708 MBR partitions:
03:04:28.0317 3708 \Device\Harddisk2\DR2:
03:04:28.0325 3708 MBR partitions:
03:04:28.0325 3708 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
03:04:28.0325 3708 ============================================================
03:04:28.0356 3708 C: <-> \Device\Harddisk2\DR2\Partition1
03:04:28.0398 3708 K: <-> \Device\Harddisk1\DR1\Partition2
03:04:28.0421 3708 M: <-> \Device\Harddisk0\DR0\Partition2
03:04:28.0421 3708 ============================================================
03:04:28.0421 3708 Initialize success
03:04:28.0421 3708 ============================================================
03:05:38.0079 1020 ============================================================
03:05:38.0079 1020 Scan started
03:05:38.0079 1020 Mode: Manual; SigCheck; TDLFS;
03:05:38.0079 1020 ============================================================
03:05:38.0721 1020 ================ Scan system memory ========================
03:05:38.0722 1020 System memory - ok
03:05:38.0722 1020 ================ Scan services =============================
03:05:38.0807 1020 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
03:05:38.0909 1020 !SASCORE - ok
03:05:38.0950 1020 Suspicious service (NoAccess): ab4ace225aba4d0
03:05:39.0032 1020 [ BB61CD9C8625395037F65A5C96AFF877 ] ab4ace225aba4d0 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys
03:05:39.0032 1020 Suspicious file (NoAccess): C:\Windows\System32\Drivers\ab4ace225aba4d0.sys. md5: BB61CD9C8625395037F65A5C96AFF877
03:05:39.0086 1020 ab4ace225aba4d0 ( Rootkit.Win32.Necurs.gen ) - infected
03:05:39.0086 1020 ab4ace225aba4d0 - detected Rootkit.Win32.Necurs.gen (0)
03:05:39.0119 1020 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
03:05:39.0135 1020 ACPI - ok
03:05:39.0192 1020 [ 59AA63B5DCC9B99C25ACC1BC5E9E6816 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
03:05:39.0287 1020 ADIHdAudAddService - ok
03:05:39.0443 1020 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:05:39.0451 1020 AdobeARMservice - ok
03:05:39.0506 1020 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
03:05:39.0526 1020 adp94xx - ok
03:05:39.0568 1020 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
03:05:39.0584 1020 adpahci - ok
03:05:39.0648 1020 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
03:05:39.0659 1020 adpu160m - ok
03:05:39.0687 1020 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
03:05:39.0699 1020 adpu320 - ok
03:05:39.0796 1020 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
03:05:39.0826 1020 AEADIFilters - ok
03:05:39.0861 1020 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
03:05:39.0931 1020 AeLookupSvc - ok
03:05:40.0007 1020 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
03:05:40.0098 1020 AFD - ok
03:05:40.0162 1020 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
03:05:40.0170 1020 agp440 - ok
03:05:40.0210 1020 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
03:05:40.0220 1020 aic78xx - ok
03:05:40.0257 1020 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
03:05:40.0377 1020 ALG - ok
03:05:40.0427 1020 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
03:05:40.0435 1020 aliide - ok
03:05:40.0513 1020 ALSysIO - ok
03:05:40.0545 1020 [ 2AED9A422EA1574C7D7EF9359A417718 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:05:40.0597 1020 AMD External Events Utility - ok
03:05:40.0634 1020 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
03:05:40.0642 1020 amdide - ok
03:05:40.0693 1020 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
03:05:40.0718 1020 AmdK8 - ok
03:05:40.0970 1020 [ BFA5E854959D5546D8834CA61F4AD075 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:05:41.0271 1020 amdkmdag - ok
03:05:41.0321 1020 [ 92D664FFFCD9E742FB25254F7F458D88 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
03:05:41.0381 1020 amdkmdap - ok
03:05:41.0415 1020 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
03:05:41.0433 1020 Appinfo - ok
03:05:41.0487 1020 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:05:41.0496 1020 Apple Mobile Device - ok
03:05:41.0554 1020 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
03:05:41.0581 1020 arc - ok
03:05:41.0637 1020 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
03:05:41.0647 1020 arcsas - ok
03:05:41.0712 1020 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
03:05:41.0721 1020 aswFsBlk - ok
03:05:41.0757 1020 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
03:05:41.0764 1020 aswMonFlt - ok
03:05:41.0781 1020 [ 2CF56F9848BF7841FF420E9DD95029EE ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
03:05:41.0788 1020 AswRdr - ok
03:05:41.0813 1020 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
03:05:41.0872 1020 aswSnx - ok
03:05:41.0961 1020 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
03:05:41.0974 1020 aswSP - ok
03:05:42.0135 1020 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
03:05:42.0142 1020 aswTdi - ok
03:05:42.0184 1020 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
03:05:42.0207 1020 AsyncMac - ok
03:05:42.0252 1020 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
03:05:42.0261 1020 atapi - ok
03:05:42.0451 1020 [ BFA5E854959D5546D8834CA61F4AD075 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:05:42.0616 1020 atikmdag - ok
03:05:42.0741 1020 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:05:42.0814 1020 AudioEndpointBuilder - ok
03:05:42.0825 1020 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
03:05:42.0846 1020 AudioSrv - ok
03:05:42.0972 1020 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
03:05:42.0979 1020 avast! Antivirus - ok
03:05:42.0989 1020 Beep - ok
03:05:43.0023 1020 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
03:05:43.0060 1020 BFE - ok
03:05:43.0105 1020 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
03:05:43.0171 1020 BITS - ok
03:05:43.0285 1020 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
03:05:43.0349 1020 blbdrive - ok
03:05:43.0440 1020 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
03:05:43.0456 1020 Bonjour Service - ok
03:05:43.0496 1020 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
03:05:43.0534 1020 bowser - ok
03:05:43.0588 1020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
03:05:43.0620 1020 BrFiltLo - ok
03:05:43.0647 1020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
03:05:43.0688 1020 BrFiltUp - ok
03:05:43.0710 1020 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
03:05:43.0737 1020 Browser - ok
03:05:43.0770 1020 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
03:05:43.0835 1020 Brserid - ok
03:05:43.0873 1020 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
03:05:43.0915 1020 BrSerWdm - ok
03:05:43.0983 1020 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
03:05:44.0020 1020 BrUsbMdm - ok
03:05:44.0037 1020 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
03:05:44.0091 1020 BrUsbSer - ok
03:05:44.0121 1020 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
03:05:44.0212 1020 BTHMODEM - ok
03:05:44.0269 1020 catchme - ok
03:05:44.0296 1020 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
03:05:44.0327 1020 cdfs - ok
03:05:44.0381 1020 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
03:05:44.0398 1020 cdrom - ok
03:05:44.0436 1020 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
03:05:44.0454 1020 CertPropSvc - ok
03:05:44.0495 1020 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
03:05:44.0543 1020 circlass - ok
03:05:44.0568 1020 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
03:05:44.0585 1020 CLFS - ok
03:05:44.0649 1020 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:05:44.0657 1020 clr_optimization_v2.0.50727_32 - ok
03:05:44.0759 1020 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:05:44.0768 1020 clr_optimization_v2.0.50727_64 - ok
03:05:44.0837 1020 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:05:44.0847 1020 clr_optimization_v4.0.30319_32 - ok
03:05:44.0878 1020 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:05:44.0888 1020 clr_optimization_v4.0.30319_64 - ok
03:05:44.0922 1020 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
03:05:44.0930 1020 cmdide - ok
03:05:44.0947 1020 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
03:05:44.0956 1020 Compbatt - ok
03:05:44.0963 1020 COMSysApp - ok
03:05:44.0994 1020 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
03:05:45.0003 1020 crcdisk - ok
03:05:45.0040 1020 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
03:05:45.0051 1020 CryptSvc - ok
03:05:45.0089 1020 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
03:05:45.0117 1020 DcomLaunch - ok
03:05:45.0143 1020 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
03:05:45.0184 1020 DfsC - ok
03:05:45.0301 1020 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
03:05:45.0563 1020 DFSR - ok
03:05:45.0704 1020 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
03:05:45.0733 1020 Dhcp - ok
03:05:45.0756 1020 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
03:05:45.0769 1020 disk - ok
03:05:45.0804 1020 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
03:05:45.0842 1020 Dnscache - ok
03:05:45.0900 1020 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
03:05:45.0943 1020 dot3svc - ok
03:05:45.0980 1020 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
03:05:46.0028 1020 DPS - ok
03:05:46.0064 1020 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
03:05:46.0091 1020 drmkaud - ok
03:05:46.0154 1020 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
03:05:46.0185 1020 DXGKrnl - ok
03:05:46.0242 1020 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
03:05:46.0268 1020 E1G60 - ok
03:05:46.0316 1020 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
03:05:46.0345 1020 EapHost - ok
03:05:46.0387 1020 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
03:05:46.0398 1020 Ecache - ok
03:05:46.0455 1020 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
03:05:46.0497 1020 ehRecvr - ok
03:05:46.0509 1020 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
03:05:46.0519 1020 ehSched - ok
03:05:46.0537 1020 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
03:05:46.0555 1020 ehstart - ok
03:05:46.0625 1020 [ 15814B675E9D08953F2C64E4E5CCB4F4 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
03:05:46.0632 1020 ElbyCDIO - ok
03:05:46.0700 1020 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
03:05:46.0716 1020 elxstor - ok
03:05:46.0763 1020 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
03:05:46.0846 1020 EMDMgmt - ok
03:05:46.0861 1020 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
03:05:46.0889 1020 ErrDev - ok
03:05:46.0948 1020 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
03:05:46.0970 1020 EventSystem - ok
03:05:47.0055 1020 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
03:05:47.0118 1020 exfat - ok
03:05:47.0157 1020 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
03:05:47.0178 1020 fastfat - ok
03:05:47.0222 1020 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
03:05:47.0268 1020 fdc - ok
03:05:47.0304 1020 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
03:05:47.0330 1020 fdPHost - ok
03:05:47.0353 1020 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
03:05:47.0403 1020 FDResPub - ok
03:05:47.0420 1020 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
03:05:47.0430 1020 FileInfo - ok
03:05:47.0457 1020 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
03:05:47.0503 1020 Filetrace - ok
03:05:47.0602 1020 [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
03:05:47.0710 1020 FLEXnet Licensing Service 64 - ok
03:05:47.0834 1020 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
03:05:47.0867 1020 flpydisk - ok
03:05:47.0912 1020 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
03:05:47.0929 1020 FltMgr - ok
03:05:47.0989 1020 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
03:05:48.0149 1020 FontCache - ok
03:05:48.0314 1020 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:05:48.0323 1020 FontCache3.0.0.0 - ok
03:05:48.0403 1020 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
03:05:48.0423 1020 Fs_Rec - ok
03:05:48.0483 1020 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
03:05:48.0483 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\gagp30kx.sys. md5: C8E416668D3DC2BE3D4FE4C79224997F
03:05:48.0487 1020 gagp30kx ( LockedFile.Multi.Generic ) - warning
03:05:48.0487 1020 gagp30kx - detected LockedFile.Multi.Generic (1)
03:05:48.0561 1020 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:05:48.0561 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: E403AACF8C7BB11375122D2464560311
03:05:48.0564 1020 GEARAspiWDM ( LockedFile.Multi.Generic ) - warning
03:05:48.0564 1020 GEARAspiWDM - detected LockedFile.Multi.Generic (1)
03:05:48.0615 1020 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
03:05:48.0653 1020 gpsvc - ok
03:05:48.0729 1020 gupdate - ok
03:05:48.0760 1020 gupdatem - ok
03:05:48.0796 1020 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
03:05:48.0796 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hamachi.sys. md5: 1E6438D4EA6E1174A3B3B1EDC4DE660B
03:05:48.0829 1020 hamachi ( LockedFile.Multi.Generic ) - warning
03:05:48.0829 1020 hamachi - detected LockedFile.Multi.Generic (1)
03:05:48.0886 1020 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:05:48.0971 1020 HdAudAddService - ok
03:05:49.0047 1020 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
03:05:49.0143 1020 HDAudBus - ok
03:05:49.0203 1020 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
03:05:49.0203 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidbth.sys. md5: B4881C84A180E75B8C25DC1D726C375F
03:05:49.0223 1020 HidBth ( LockedFile.Multi.Generic ) - warning
03:05:49.0223 1020 HidBth - detected LockedFile.Multi.Generic (1)
03:05:49.0290 1020 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
03:05:49.0290 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidir.sys. md5: 4E77A77E2C986E8F88F996BB3E1AD829
03:05:49.0294 1020 HidIr ( LockedFile.Multi.Generic ) - warning
03:05:49.0294 1020 HidIr - detected LockedFile.Multi.Generic (1)
03:05:49.0336 1020 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
03:05:49.0365 1020 hidserv - ok
03:05:49.0394 1020 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
03:05:49.0394 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 443BDD2D30BB4F00795C797E2CF99EDF
03:05:49.0418 1020 HidUsb ( LockedFile.Multi.Generic ) - warning
03:05:49.0418 1020 HidUsb - detected LockedFile.Multi.Generic (1)
03:05:49.0443 1020 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
03:05:49.0496 1020 hkmsvc - ok
03:05:49.0545 1020 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
03:05:49.0560 1020 HpCISSs - ok
03:05:49.0599 1020 hsjxrndqv - ok
03:05:49.0651 1020 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
03:05:49.0652 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 098F1E4E5C9CB5B0063A959063631610
03:05:49.0688 1020 HTTP ( LockedFile.Multi.Generic ) - warning
03:05:49.0688 1020 HTTP - detected LockedFile.Multi.Generic (1)
03:05:49.0722 1020 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
03:05:49.0722 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\i2omp.sys. md5: DA94C854CEA5FAC549D4E1F6E88349E8
03:05:49.0726 1020 i2omp ( LockedFile.Multi.Generic ) - warning
03:05:49.0726 1020 i2omp - detected LockedFile.Multi.Generic (1)
03:05:49.0756 1020 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
03:05:49.0756 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: CBB597659A2713CE0C9CC20C88C7591F
03:05:49.0760 1020 i8042prt ( LockedFile.Multi.Generic ) - warning
03:05:49.0760 1020 i8042prt - detected LockedFile.Multi.Generic (1)
03:05:49.0799 1020 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
03:05:49.0799 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\iastorv.sys. md5: 3E3BF3627D886736D0B4E90054F929F6
03:05:49.0828 1020 iaStorV ( LockedFile.Multi.Generic ) - warning
03:05:49.0828 1020 iaStorV - detected LockedFile.Multi.Generic (1)
03:05:49.0891 1020 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:05:49.0952 1020 idsvc - ok
03:05:50.0054 1020 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
03:05:50.0067 1020 iirsp - ok
03:05:50.0112 1020 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
03:05:50.0197 1020 IKEEXT - ok
03:05:50.0241 1020 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
03:05:50.0241 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: DF797A12176F11B2D301C5B234BB200E
03:05:50.0243 1020 intelide ( LockedFile.Multi.Generic ) - warning
03:05:50.0243 1020 intelide - detected LockedFile.Multi.Generic (1)
03:05:50.0288 1020 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
03:05:50.0288 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: BFD84AF32FA1BAD6231C4585CB469630
03:05:50.0291 1020 intelppm ( LockedFile.Multi.Generic ) - warning
03:05:50.0291 1020 intelppm - detected LockedFile.Multi.Generic (1)
03:05:50.0352 1020 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:05:50.0392 1020 IPBusEnum - ok
03:05:50.0461 1020 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:05:50.0461 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: D8AABC341311E4780D6FCE8C73C0AD81
03:05:50.0464 1020 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
03:05:50.0464 1020 IpFilterDriver - detected LockedFile.Multi.Generic (1)
03:05:50.0533 1020 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:05:50.0570 1020 iphlpsvc - ok
03:05:50.0576 1020 IpInIp - ok
03:05:50.0619 1020 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
03:05:50.0619 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipmidrv.sys. md5: 9C2EE2E6E5A7203BFAE15C299475EC67
03:05:50.0638 1020 IPMIDRV ( LockedFile.Multi.Generic ) - warning
03:05:50.0638 1020 IPMIDRV - detected LockedFile.Multi.Generic (1)
03:05:50.0673 1020 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
03:05:50.0673 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipnat.sys. md5: B7E6212F581EA5F6AB0C3A6CEEEB89BE
03:05:50.0704 1020 IPNAT ( LockedFile.Multi.Generic ) - warning
03:05:50.0704 1020 IPNAT - detected LockedFile.Multi.Generic (1)
03:05:50.0768 1020 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
03:05:50.0819 1020 iPod Service - ok
03:05:50.0927 1020 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:05:50.0927 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 8C42CA155343A2F11D29FECA67FAA88D
03:05:50.0930 1020 IRENUM ( LockedFile.Multi.Generic ) - warning
03:05:50.0930 1020 IRENUM - detected LockedFile.Multi.Generic (1)
03:05:50.0970 1020 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
03:05:50.0971 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 0672BFCEDC6FC468A2B0500D81437F4F
03:05:50.0973 1020 isapnp ( LockedFile.Multi.Generic ) - warning
03:05:50.0973 1020 isapnp - detected LockedFile.Multi.Generic (1)
03:05:51.0045 1020 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
03:05:51.0045 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: E4FDF99599F27EC25D2CF6D754243520
03:05:51.0071 1020 iScsiPrt ( LockedFile.Multi.Generic ) - warning
03:05:51.0071 1020 iScsiPrt - detected LockedFile.Multi.Generic (1)
03:05:51.0095 1020 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
03:05:51.0095 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\iteatapi.sys. md5: 63C766CDC609FF8206CB447A65ABBA4A
03:05:51.0098 1020 iteatapi ( LockedFile.Multi.Generic ) - warning
03:05:51.0098 1020 iteatapi - detected LockedFile.Multi.Generic (1)
03:05:51.0112 1020 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
03:05:51.0112 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\iteraid.sys. md5: 1281FE73B17664631D12F643CBEA3F59
03:05:51.0115 1020 iteraid ( LockedFile.Multi.Generic ) - warning
03:05:51.0115 1020 iteraid - detected LockedFile.Multi.Generic (1)
03:05:51.0146 1020 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
03:05:51.0146 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: 423696F3BA6472DD17699209B933BC26
03:05:51.0149 1020 kbdclass ( LockedFile.Multi.Generic ) - warning
03:05:51.0149 1020 kbdclass - detected LockedFile.Multi.Generic (1)
03:05:51.0166 1020 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
03:05:51.0166 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: DBDF75D51464FBC47D0104EC3D572C05
03:05:51.0169 1020 kbdhid ( LockedFile.Multi.Generic ) - warning
03:05:51.0169 1020 kbdhid - detected LockedFile.Multi.Generic (1)
03:05:51.0210 1020 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
03:05:51.0219 1020 KeyIso - ok
03:05:51.0255 1020 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
03:05:51.0255 1020 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 88956AD9FA510848AD176777A6C6C1F5
03:05:51.0270 1020 KSecDD ( LockedFile.Multi.Generic ) - warning
03:05:51.0270 1020 KSecDD - detected LockedFile.Multi.Generic (1)
03:05:51.0310 1020 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
03:05:51.0310 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 1D419CF43DB29396ECD7113D129D94EB
03:05:51.0334 1020 ksthunk ( LockedFile.Multi.Generic ) - warning
03:05:51.0334 1020 ksthunk - detected LockedFile.Multi.Generic (1)
03:05:51.0371 1020 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
03:05:51.0404 1020 KtmRm - ok
03:05:51.0452 1020 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
03:05:51.0471 1020 LanmanServer - ok
03:05:51.0505 1020 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:05:51.0531 1020 LanmanWorkstation - ok
03:05:51.0572 1020 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
03:05:51.0572 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 96ECE2659B6654C10A0C310AE3A6D02C
03:05:51.0598 1020 lltdio ( LockedFile.Multi.Generic ) - warning
03:05:51.0598 1020 lltdio - detected LockedFile.Multi.Generic (1)
03:05:51.0630 1020 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
03:05:51.0661 1020 lltdsvc - ok
03:05:51.0687 1020 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
03:05:51.0725 1020 lmhosts - ok
03:05:51.0768 1020 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
03:05:51.0768 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_fc.sys. md5: ACBE1AF32D3123E330A07BFBC5EC4A9B
03:05:51.0771 1020 LSI_FC ( LockedFile.Multi.Generic ) - warning
03:05:51.0771 1020 LSI_FC - detected LockedFile.Multi.Generic (1)
03:05:51.0804 1020 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
03:05:51.0804 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_sas.sys. md5: 799FFB2FC4729FA46D2157C0065B3525
03:05:51.0807 1020 LSI_SAS ( LockedFile.Multi.Generic ) - warning
03:05:51.0807 1020 LSI_SAS - detected LockedFile.Multi.Generic (1)
03:05:51.0828 1020 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
03:05:51.0828 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_scsi.sys. md5: F445FF1DAAD8A226366BFAF42551226B
03:05:51.0859 1020 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
03:05:51.0859 1020 LSI_SCSI - detected LockedFile.Multi.Generic (1)
03:05:51.0880 1020 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
03:05:51.0880 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 52F87B9CC8932C2A7375C3B2A9BE5E3E
03:05:51.0884 1020 luafv ( LockedFile.Multi.Generic ) - warning
03:05:51.0884 1020 luafv - detected LockedFile.Multi.Generic (1)
03:05:51.0898 1020 lxbc_device - ok
03:05:51.0973 1020 [ B6D3B963ADF91EA2F7C5E7C54EC7930B ] lxdvCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe
03:05:51.0981 1020 lxdvCATSCustConnectService - ok
03:05:52.0013 1020 lxdv_device - ok
03:05:52.0057 1020 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
03:05:52.0066 1020 MBAMProtector - ok
03:05:52.0115 1020 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
03:05:52.0138 1020 MBAMService - ok
03:05:52.0219 1020 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
03:05:52.0249 1020 Mcx2Svc - ok
03:05:52.0285 1020 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
03:05:52.0285 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\megasas.sys. md5: 5C5CD6AACED32FB26C3FB34B3DCF972F
03:05:52.0288 1020 megasas ( LockedFile.Multi.Generic ) - warning
03:05:52.0288 1020 megasas - detected LockedFile.Multi.Generic (1)
03:05:52.0322 1020 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
03:05:52.0322 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\megasr.sys. md5: 859BC2436B076C77C159ED694ACFE8F8
03:05:52.0326 1020 MegaSR ( LockedFile.Multi.Generic ) - warning
03:05:52.0326 1020 MegaSR - detected LockedFile.Multi.Generic (1)
03:05:52.0380 1020 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
03:05:52.0423 1020 MMCSS - ok
03:05:52.0461 1020 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
03:05:52.0462 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 59848D5CC74606F0EE7557983BB73C2E
03:05:52.0464 1020 Modem ( LockedFile.Multi.Generic ) - warning
03:05:52.0464 1020 Modem - detected LockedFile.Multi.Generic (1)
03:05:52.0515 1020 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:05:52.0515 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: C247CC2A57E0A0C8C6DCCF7807B3E9E5
03:05:52.0518 1020 monitor ( LockedFile.Multi.Generic ) - warning
03:05:52.0518 1020 monitor - detected LockedFile.Multi.Generic (1)
03:05:52.0546 1020 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:05:52.0546 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 9367304E5E412B120CF5F4EA14E4E4F1
03:05:52.0548 1020 mouclass ( LockedFile.Multi.Generic ) - warning
03:05:52.0548 1020 mouclass - detected LockedFile.Multi.Generic (1)
03:05:52.0575 1020 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:05:52.0576 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: C2C2BD5C5CE5AAF786DDD74B75D2AC69
03:05:52.0605 1020 mouhid ( LockedFile.Multi.Generic ) - warning
03:05:52.0605 1020 mouhid - detected LockedFile.Multi.Generic (1)
03:05:52.0623 1020 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
03:05:52.0623 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 11BC9B1E8801B01F7F6ADB9EAD30019B
03:05:52.0625 1020 MountMgr ( LockedFile.Multi.Generic ) - warning
03:05:52.0625 1020 MountMgr - detected LockedFile.Multi.Generic (1)
03:05:52.0689 1020 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:05:52.0700 1020 MozillaMaintenance - ok
03:05:52.0766 1020 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
03:05:52.0766 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: F8276EB8698142884498A528DFEA8478
03:05:52.0795 1020 mpio ( LockedFile.Multi.Generic ) - warning
03:05:52.0795 1020 mpio - detected LockedFile.Multi.Generic (1)
03:05:52.0825 1020 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:05:52.0825 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: C92B9ABDB65A5991E00C28F13491DBA2
03:05:52.0827 1020 mpsdrv ( LockedFile.Multi.Generic ) - warning
03:05:52.0827 1020 mpsdrv - detected LockedFile.Multi.Generic (1)
03:05:52.0882 1020 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
03:05:52.0993 1020 MpsSvc - ok
03:05:53.0087 1020 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
03:05:53.0087 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\mraid35x.sys. md5: 3C200630A89EF2C0864D515B7A75802E
03:05:53.0090 1020 Mraid35x ( LockedFile.Multi.Generic ) - warning
03:05:53.0091 1020 Mraid35x - detected LockedFile.Multi.Generic (1)
03:05:53.0117 1020 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:05:53.0117 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: 7C1DE4AA96DC0C071611F9E7DE02A68D
03:05:53.0121 1020 MRxDAV ( LockedFile.Multi.Generic ) - warning
03:05:53.0121 1020 MRxDAV - detected LockedFile.Multi.Generic (1)
03:05:53.0156 1020 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:05:53.0156 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 1485811B320FF8C7EDAD1CAEBB1C6C2B
03:05:53.0170 1020 mrxsmb ( LockedFile.Multi.Generic ) - warning
03:05:53.0170 1020 mrxsmb - detected LockedFile.Multi.Generic (1)
03:05:53.0206 1020 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:05:53.0206 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 3B929A60C833FC615FD97FBA82BC7632
03:05:53.0209 1020 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
03:05:53.0209 1020 mrxsmb10 - detected LockedFile.Multi.Generic (1)
03:05:53.0219 1020 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:05:53.0219 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: C64AB3E1F53B4F5B5BB6D796B2D7BEC3
03:05:53.0221 1020 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
03:05:53.0221 1020 mrxsmb20 - detected LockedFile.Multi.Generic (1)
03:05:53.0259 1020 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
03:05:53.0259 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: 1AC860612B85D8E85EE257D372E39F4D
03:05:53.0262 1020 msahci ( LockedFile.Multi.Generic ) - warning
03:05:53.0262 1020 msahci - detected LockedFile.Multi.Generic (1)
03:05:53.0306 1020 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
03:05:53.0306 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: 264BBB4AAF312A485F0E44B65A6B7202
03:05:53.0309 1020 msdsm ( LockedFile.Multi.Generic ) - warning
03:05:53.0309 1020 msdsm - detected LockedFile.Multi.Generic (1)
03:05:53.0358 1020 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
03:05:53.0398 1020 MSDTC - ok
03:05:53.0440 1020 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:05:53.0440 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: 704F59BFC4512D2BB0146AEC31B10A7C
03:05:53.0442 1020 Msfs ( LockedFile.Multi.Generic ) - warning
03:05:53.0442 1020 Msfs - detected LockedFile.Multi.Generic (1)
03:05:53.0468 1020 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:05:53.0468 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: 00EBC952961664780D43DCA157E79B27
03:05:53.0478 1020 msisadrv ( LockedFile.Multi.Generic ) - warning
03:05:53.0478 1020 msisadrv - detected LockedFile.Multi.Generic (1)
03:05:53.0524 1020 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:05:53.0587 1020 MSiSCSI - ok
03:05:53.0604 1020 msiserver - ok
03:05:53.0634 1020 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:05:53.0635 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 0EA73E498F53B96D83DBFCA074AD4CF8
03:05:53.0637 1020 MSKSSRV ( LockedFile.Multi.Generic ) - warning
03:05:53.0637 1020 MSKSSRV - detected LockedFile.Multi.Generic (1)
03:05:53.0656 1020 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:05:53.0656 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: 52E59B7E992A58E740AA63F57EDBAE8B
03:05:53.0664 1020 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
03:05:53.0664 1020 MSPCLOCK - detected LockedFile.Multi.Generic (1)
03:05:53.0682 1020 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:05:53.0682 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 49084A75BAE043AE02D5B44D02991BB2
03:05:53.0684 1020 MSPQM ( LockedFile.Multi.Generic ) - warning
03:05:53.0684 1020 MSPQM - detected LockedFile.Multi.Generic (1)
03:05:53.0712 1020 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:05:53.0712 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: DC6CCF440CDEDE4293DB41C37A5060A5
03:05:53.0734 1020 MsRPC ( LockedFile.Multi.Generic ) - warning
03:05:53.0734 1020 MsRPC - detected LockedFile.Multi.Generic (1)
03:05:53.0788 1020 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:05:53.0789 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 855796E59DF77EA93AF46F20155BF55B
03:05:53.0791 1020 mssmbios ( LockedFile.Multi.Generic ) - warning
03:05:53.0791 1020 mssmbios - detected LockedFile.Multi.Generic (1)
03:05:53.0819 1020 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:05:53.0819 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 86D632D75D05D5B7C7C043FA3564AE86
03:05:53.0828 1020 MSTEE ( LockedFile.Multi.Generic ) - warning
03:05:53.0828 1020 MSTEE - detected LockedFile.Multi.Generic (1)
03:05:53.0861 1020 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
03:05:53.0861 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ASACPI.sys. md5: 6936198F2CC25B39CF5262436C80DF46
03:05:53.0863 1020 MTsensor ( LockedFile.Multi.Generic ) - warning
03:05:53.0863 1020 MTsensor - detected LockedFile.Multi.Generic (1)
03:05:53.0884 1020 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
03:05:53.0884 1020 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: 0CC49F78D8ACA0877D885F149084E543
03:05:53.0889 1020 Mup ( LockedFile.Multi.Generic ) - warning
03:05:53.0889 1020 Mup - detected LockedFile.Multi.Generic (1)
03:05:53.0938 1020 [ E884FD7FB31BC82041AAB75BE5C81EEF ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys
03:05:53.0938 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mv61xx.sys. md5: E884FD7FB31BC82041AAB75BE5C81EEF
03:05:53.0954 1020 mv61xx ( LockedFile.Multi.Generic ) - warning
03:05:53.0954 1020 mv61xx - detected LockedFile.Multi.Generic (1)
03:05:53.0986 1020 [ 6E6A3ADF84ED72514C65484AF6E51242 ] mv64xx C:\Windows\system32\DRIVERS\mv64xx.sys
03:05:53.0986 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mv64xx.sys. md5: 6E6A3ADF84ED72514C65484AF6E51242
03:05:54.0009 1020 mv64xx ( LockedFile.Multi.Generic ) - warning
03:05:54.0009 1020 mv64xx - detected LockedFile.Multi.Generic (1)
03:05:54.0055 1020 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
03:05:54.0152 1020 napagent - ok
03:05:54.0187 1020 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:05:54.0187 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 2007B826C4ACD94AE32232B41F0842B9
03:05:54.0190 1020 NativeWifiP ( LockedFile.Multi.Generic ) - warning
03:05:54.0190 1020 NativeWifiP - detected LockedFile.Multi.Generic (1)
03:05:54.0248 1020 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
03:05:54.0248 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 65950E07329FCEE8E6516B17C8D0ABB6
03:05:54.0264 1020 NDIS ( LockedFile.Multi.Generic ) - warning
03:05:54.0264 1020 NDIS - detected LockedFile.Multi.Generic (1)
03:05:54.0289 1020 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:05:54.0290 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 64DF698A425478E321981431AC171334
03:05:54.0293 1020 NdisTapi ( LockedFile.Multi.Generic ) - warning
03:05:54.0293 1020 NdisTapi - detected LockedFile.Multi.Generic (1)
03:05:54.0322 1020 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:05:54.0322 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 8BAA43196D7B5BB972C9A6B2BBF61A19
03:05:54.0325 1020 Ndisuio ( LockedFile.Multi.Generic ) - warning
03:05:54.0326 1020 Ndisuio - detected LockedFile.Multi.Generic (1)
03:05:54.0361 1020 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:05:54.0361 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: F8158771905260982CE724076419EF19
03:05:54.0382 1020 NdisWan ( LockedFile.Multi.Generic ) - warning
03:05:54.0382 1020 NdisWan - detected LockedFile.Multi.Generic (1)
03:05:54.0416 1020 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:05:54.0417 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 9CB77ED7CB72850253E973A2D6AFDF49
03:05:54.0419 1020 NDProxy ( LockedFile.Multi.Generic ) - warning
03:05:54.0419 1020 NDProxy - detected LockedFile.Multi.Generic (1)
03:05:54.0459 1020 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:05:54.0460 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: A499294F5029A7862ADC115BDA7371CE
03:05:54.0464 1020 NetBIOS ( LockedFile.Multi.Generic ) - warning
03:05:54.0464 1020 NetBIOS - detected LockedFile.Multi.Generic (1)
03:05:54.0508 1020 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
03:05:54.0508 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: FC2C792EBDDC8E28DF939D6A92C83D61
03:05:54.0540 1020 netbt ( LockedFile.Multi.Generic ) - warning
03:05:54.0540 1020 netbt - detected LockedFile.Multi.Generic (1)
03:05:54.0550 1020 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
03:05:54.0563 1020 Netlogon - ok
03:05:54.0598 1020 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
03:05:54.0643 1020 Netman - ok
03:05:54.0678 1020 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
03:05:54.0732 1020 netprofm - ok
03:05:54.0769 1020 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:05:54.0783 1020 NetTcpPortSharing - ok
03:05:54.0835 1020 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
03:05:54.0835 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\nfrd960.sys. md5: 4AC08BD6AF2DF42E0C3196D826C8AEA7
03:05:54.0839 1020 nfrd960 ( LockedFile.Multi.Generic ) - warning
03:05:54.0839 1020 nfrd960 - detected LockedFile.Multi.Generic (1)
03:05:54.0871 1020 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
03:05:54.0915 1020 NlaSvc - ok
03:05:54.0954 1020 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:05:54.0954 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: B298874F8E0EA93F06EC40AA8D146478
03:05:54.0957 1020 Npfs ( LockedFile.Multi.Generic ) - warning
03:05:54.0958 1020 Npfs - detected LockedFile.Multi.Generic (1)
03:05:54.0990 1020 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
03:05:55.0030 1020 nsi - ok
03:05:55.0070 1020 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:05:55.0070 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: 1523AF19EE8B030BA682F7A53537EAEB
03:05:55.0073 1020 nsiproxy ( LockedFile.Multi.Generic ) - warning
03:05:55.0073 1020 nsiproxy - detected LockedFile.Multi.Generic (1)
03:05:55.0134 1020 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:05:55.0134 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: BAC869DFB98E499BA4D9BB1FB43270E1
03:05:55.0137 1020 Ntfs ( LockedFile.Multi.Generic ) - warning
03:05:55.0138 1020 Ntfs - detected LockedFile.Multi.Generic (1)
03:05:55.0160 1020 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
03:05:55.0160 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: DD5D684975352B85B52E3FD5347C20CB
03:05:55.0179 1020 Null ( LockedFile.Multi.Generic ) - warning
03:05:55.0179 1020 Null - detected LockedFile.Multi.Generic (1)
03:05:55.0203 1020 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:05:55.0203 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 2C040B7ADA5B06F6FACADAC8514AA034
03:05:55.0206 1020 nvraid ( LockedFile.Multi.Generic ) - warning
03:05:55.0206 1020 nvraid - detected LockedFile.Multi.Generic (1)
03:05:55.0220 1020 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:05:55.0220 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: F7EA0FE82842D05EDA3EFDD376DBFDBA
03:05:55.0235 1020 nvstor ( LockedFile.Multi.Generic ) - warning
03:05:55.0235 1020 nvstor - detected LockedFile.Multi.Generic (1)
03:05:55.0267 1020 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
03:05:55.0267 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 19067CA93075EF4823E3938A686F532F
03:05:55.0270 1020 nv_agp ( LockedFile.Multi.Generic ) - warning
03:05:55.0270 1020 nv_agp - detected LockedFile.Multi.Generic (1)
03:05:55.0277 1020 NwlnkFlt - ok
03:05:55.0284 1020 NwlnkFwd - ok
03:05:55.0389 1020 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:05:55.0412 1020 odserv - ok
03:05:55.0479 1020 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
03:05:55.0479 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ohci1394.sys. md5: B5B1CE65AC15BBD11C0619E3EF7CFC28
03:05:55.0511 1020 ohci1394 ( LockedFile.Multi.Generic ) - warning
03:05:55.0511 1020 ohci1394 - detected LockedFile.Multi.Generic (1)
03:05:55.0543 1020 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:05:55.0557 1020 ose - ok
03:05:55.0619 1020 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
03:05:55.0686 1020 p2pimsvc - ok
03:05:55.0709 1020 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
03:05:55.0776 1020 p2psvc - ok
03:05:55.0842 1020 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
03:05:55.0843 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\parport.sys. md5: AECD57F94C887F58919F307C35498EA0
03:05:55.0864 1020 Parport ( LockedFile.Multi.Generic ) - warning
03:05:55.0864 1020 Parport - detected LockedFile.Multi.Generic (1)
03:05:55.0898 1020 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:05:55.0898 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: B43751085E2ABE389DA466BC62A4B987
03:05:55.0918 1020 partmgr ( LockedFile.Multi.Generic ) - warning
03:05:55.0918 1020 partmgr - detected LockedFile.Multi.Generic (1)
03:05:55.0956 1020 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
03:05:56.0025 1020 PcaSvc - ok
03:05:56.0060 1020 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
03:05:56.0060 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 47AB1E0FC9D0E12BB53BA246E3A0906D
03:05:56.0062 1020 pci ( LockedFile.Multi.Generic ) - warning
03:05:56.0063 1020 pci - detected LockedFile.Multi.Generic (1)
03:05:56.0084 1020 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
03:05:56.0084 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: 2657F6C0B78C36D95034BE109336E382
03:05:56.0086 1020 pciide ( LockedFile.Multi.Generic ) - warning
03:05:56.0086 1020 pciide - detected LockedFile.Multi.Generic (1)
03:05:56.0122 1020 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
03:05:56.0122 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcmcia.sys. md5: 037661F3D7C507C9993B7010CEEE6288
03:05:56.0125 1020 pcmcia ( LockedFile.Multi.Generic ) - warning
03:05:56.0125 1020 pcmcia - detected LockedFile.Multi.Generic (1)
03:05:56.0158 1020 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:05:56.0158 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 58865916F53592A61549B04941BFD80D
03:05:56.0193 1020 PEAUTH ( LockedFile.Multi.Generic ) - warning
03:05:56.0193 1020 PEAUTH - detected LockedFile.Multi.Generic (1)
03:05:56.0267 1020 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:05:56.0327 1020 PerfHost - ok
03:05:56.0413 1020 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
03:05:56.0515 1020 pla - ok
03:05:56.0547 1020 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:05:56.0588 1020 PlugPlay - ok
03:05:56.0610 1020 PnkBstrA - ok
03:05:56.0661 1020 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
03:05:56.0688 1020 PNRPAutoReg - ok
03:05:56.0707 1020 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
03:05:56.0775 1020 PNRPsvc - ok
03:05:56.0878 1020 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:05:56.0918 1020 PolicyAgent - ok
03:05:56.0974 1020 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:05:56.0974 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 23386E9952025F5F21C368971E2E7301
03:05:56.0977 1020 PptpMiniport ( LockedFile.Multi.Generic ) - warning
03:05:56.0977 1020 PptpMiniport - detected LockedFile.Multi.Generic (1)
03:05:57.0039 1020 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
03:05:57.0039 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\processr.sys. md5: 5080E59ECEE0BC923F14018803AA7A01
03:05:57.0069 1020 Processor ( LockedFile.Multi.Generic ) - warning
03:05:57.0069 1020 Processor - detected LockedFile.Multi.Generic (1)
03:05:57.0103 1020 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
03:05:57.0146 1020 ProfSvc - ok
03:05:57.0159 1020 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
03:05:57.0173 1020 ProtectedStorage - ok
03:05:57.0285 1020 [ EB21A4F28E4135498B3CE981883A0A44 ] PS3 Media Server C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
03:05:57.0292 1020 PS3 Media Server ( UnsignedFile.Multi.Generic ) - warning
03:05:57.0292 1020 PS3 Media Server - detected UnsignedFile.Multi.Generic (1)
03:05:57.0357 1020 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
03:05:57.0357 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: C5AB7F0809392D0DA027F4A2A81BFA31
03:05:57.0388 1020 PSched ( LockedFile.Multi.Generic ) - warning
03:05:57.0388 1020 PSched - detected LockedFile.Multi.Generic (1)
03:05:57.0454 1020 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
03:05:57.0454 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ql2300.sys. md5: 0B83F4E681062F3839BE2EC1D98FD94A
03:05:57.0458 1020 ql2300 ( LockedFile.Multi.Generic ) - warning
03:05:57.0458 1020 ql2300 - detected LockedFile.Multi.Generic (1)
03:05:57.0510 1020 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
03:05:57.0511 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ql40xx.sys. md5: E1C80F8D4D1E39EF9595809C1369BF2A
03:05:57.0514 1020 ql40xx ( LockedFile.Multi.Generic ) - warning
03:05:57.0514 1020 ql40xx - detected LockedFile.Multi.Generic (1)
03:05:57.0569 1020 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
03:05:57.0613 1020 QWAVE - ok
03:05:57.0622 1020 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:05:57.0622 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: E8D76EDAB77EC9C634C27B8EAC33ADC5
03:05:57.0625 1020 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
03:05:57.0625 1020 QWAVEdrv - detected LockedFile.Multi.Generic (1)
03:05:57.0641 1020 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:05:57.0641 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 1013B3B663A56D3DDD784F581C1BD005
03:05:57.0645 1020 RasAcd ( LockedFile.Multi.Generic ) - warning
03:05:57.0645 1020 RasAcd - detected LockedFile.Multi.Generic (1)
03:05:57.0668 1020 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
03:05:57.0709 1020 RasAuto - ok
03:05:57.0755 1020 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:05:57.0755 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: AC7BC4D42A7E558718DFDEC599BBFC2C
03:05:57.0796 1020 Rasl2tp ( LockedFile.Multi.Generic ) - warning
03:05:57.0796 1020 Rasl2tp - detected LockedFile.Multi.Generic (1)
03:05:57.0818 1020 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
03:05:57.0867 1020 RasMan - ok
03:05:57.0905 1020 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:05:57.0905 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 4517FBF8B42524AFE4EDE1DE102AAE3E
03:05:57.0908 1020 RasPppoe ( LockedFile.Multi.Generic ) - warning
03:05:57.0908 1020 RasPppoe - detected LockedFile.Multi.Generic (1)
03:05:57.0966 1020 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:05:57.0966 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: C6A593B51F34C33E5474539544072527
03:05:57.0968 1020 RasSstp ( LockedFile.Multi.Generic ) - warning
03:05:57.0968 1020 RasSstp - detected LockedFile.Multi.Generic (1)
03:05:58.0003 1020 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:05:58.0003 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 322DB5C6B55E8D8EE8D6F358B2AAABB1
03:05:58.0005 1020 rdbss ( LockedFile.Multi.Generic ) - warning
03:05:58.0005 1020 rdbss - detected LockedFile.Multi.Generic (1)
03:05:58.0034 1020 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:05:58.0034 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: 603900CC05F6BE65CCBF373800AF3716
03:05:58.0038 1020 RDPCDD ( LockedFile.Multi.Generic ) - warning
03:05:58.0038 1020 RDPCDD - detected LockedFile.Multi.Generic (1)
03:05:58.0093 1020 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
03:05:58.0093 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpdr.sys. md5: C045D1FB111C28DF0D1BE8D4BDA22C06
03:05:58.0119 1020 rdpdr ( LockedFile.Multi.Generic ) - warning
03:05:58.0119 1020 rdpdr - detected LockedFile.Multi.Generic (1)
03:05:58.0139 1020 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:05:58.0139 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: CAB9421DAF3D97B33D0D055858E2C3AB
03:05:58.0143 1020 RDPENCDD ( LockedFile.Multi.Generic ) - warning
03:05:58.0144 1020 RDPENCDD - detected LockedFile.Multi.Generic (1)
03:05:58.0190 1020 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:05:58.0190 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: AE4BD9E1C33D351D8E607FC81F15160C
03:05:58.0193 1020 RDPWD ( LockedFile.Multi.Generic ) - warning
03:05:58.0193 1020 RDPWD - detected LockedFile.Multi.Generic (1)
03:05:58.0241 1020 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:05:58.0289 1020 RemoteAccess - ok
03:05:58.0316 1020 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:05:58.0335 1020 RemoteRegistry - ok
03:05:58.0406 1020 [ A10B40CF9EB57D24E44717A2D38A00F4 ] RivaTuner64 C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
03:05:58.0406 1020 Suspicious file (NoAccess): C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys. md5: A10B40CF9EB57D24E44717A2D38A00F4
03:05:58.0450 1020 RivaTuner64 ( LockedFile.Multi.Generic ) - warning
03:05:58.0450 1020 RivaTuner64 - detected LockedFile.Multi.Generic (1)
03:05:58.0494 1020 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
03:05:58.0503 1020 RpcLocator - ok
03:05:58.0545 1020 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll
03:05:58.0571 1020 RpcSs - ok
03:05:58.0596 1020 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:05:58.0596 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: 22A9CB08B1A6707C1550C6BF099AAE73
03:05:58.0599 1020 rspndr ( LockedFile.Multi.Generic ) - warning
03:05:58.0599 1020 rspndr - detected LockedFile.Multi.Generic (1)
03:05:58.0663 1020 [ 67C7695D3B18682ADDF8419EDA4BBFB8 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
03:05:58.0664 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\RtHDMIVX.sys. md5: 67C7695D3B18682ADDF8419EDA4BBFB8
03:05:58.0694 1020 RTHDMIAzAudService ( LockedFile.Multi.Generic ) - warning
03:05:58.0694 1020 RTHDMIAzAudService - detected LockedFile.Multi.Generic (1)
03:05:58.0709 1020 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
03:05:58.0718 1020 SamSs - ok
03:05:58.0785 1020 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
03:05:58.0785 1020 Suspicious file (NoAccess): C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS. md5: 3289766038DB2CB14D07DC84392138D5
03:05:58.0787 1020 SASDIFSV ( LockedFile.Multi.Generic ) - warning
03:05:58.0787 1020 SASDIFSV - detected LockedFile.Multi.Generic (1)
03:05:58.0834 1020 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
03:05:58.0834 1020 Suspicious file (NoAccess): C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS. md5: 58A38E75F3316A83C23DF6173D41F2B5
03:05:58.0837 1020 SASKUTIL ( LockedFile.Multi.Generic ) - warning
03:05:58.0837 1020 SASKUTIL - detected LockedFile.Multi.Generic (1)
03:05:58.0897 1020 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:05:58.0897 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: CD9C693589C60AD59BBBCFB0E524E01B
03:05:58.0911 1020 sbp2port ( LockedFile.Multi.Generic ) - warning
03:05:58.0911 1020 sbp2port - detected LockedFile.Multi.Generic (1)
03:05:58.0948 1020 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:05:58.0969 1020 SCardSvr - ok
03:05:59.0008 1020 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
03:05:59.0059 1020 Schedule - ok
03:05:59.0109 1020 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
03:05:59.0128 1020 SCPolicySvc - ok
03:05:59.0193 1020 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:05:59.0205 1020 SDRSVC - ok
03:05:59.0249 1020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:05:59.0250 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186
03:05:59.0269 1020 secdrv ( LockedFile.Multi.Generic ) - warning
03:05:59.0269 1020 secdrv - detected LockedFile.Multi.Generic (1)
03:05:59.0296 1020 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
03:05:59.0330 1020 seclogon - ok
03:05:59.0350 1020 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
03:05:59.0385 1020 SENS - ok
03:05:59.0425 1020 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
03:05:59.0425 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\serenum.sys. md5: F71BFE7AC6C52273B7C82CBF1BB2A222
03:05:59.0427 1020 Serenum ( LockedFile.Multi.Generic ) - warning
03:05:59.0427 1020 Serenum - detected LockedFile.Multi.Generic (1)
03:05:59.0447 1020 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
03:05:59.0447 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\serial.sys. md5: E62FAC91EE288DB29A9696A9D279929C
03:05:59.0450 1020 Serial ( LockedFile.Multi.Generic ) - warning
03:05:59.0450 1020 Serial - detected LockedFile.Multi.Generic (1)
03:05:59.0481 1020 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
03:05:59.0481 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sermouse.sys. md5: A842F04833684BCEEA7336211BE478DF
03:05:59.0495 1020 sermouse ( LockedFile.Multi.Generic ) - warning
03:05:59.0495 1020 sermouse - detected LockedFile.Multi.Generic (1)
03:05:59.0562 1020 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
03:05:59.0605 1020 SessionEnv - ok
03:05:59.0621 1020 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:05:59.0622 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: 14D4B4465193A87C127933978E8C4106
03:05:59.0630 1020 sffdisk ( LockedFile.Multi.Generic ) - warning
03:05:59.0630 1020 sffdisk - detected LockedFile.Multi.Generic (1)
03:05:59.0650 1020 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:05:59.0650 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: 7073AEE3F82F3D598E3825962AA98AB2
03:05:59.0654 1020 sffp_mmc ( LockedFile.Multi.Generic ) - warning
03:05:59.0654 1020 sffp_mmc - detected LockedFile.Multi.Generic (1)
03:05:59.0669 1020 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:05:59.0669 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: 35E59EBE4A01A0532ED67975161C7B82
03:05:59.0673 1020 sffp_sd ( LockedFile.Multi.Generic ) - warning
03:05:59.0673 1020 sffp_sd - detected LockedFile.Multi.Generic (1)
03:05:59.0705 1020 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
03:05:59.0705 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sfloppy.sys. md5: 6B7838C94135768BD455CBDC23E39E5F
03:05:59.0707 1020 sfloppy ( LockedFile.Multi.Generic ) - warning
03:05:59.0707 1020 sfloppy - detected LockedFile.Multi.Generic (1)
03:05:59.0766 1020 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:05:59.0842 1020 SharedAccess - ok
03:05:59.0878 1020 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:05:59.0892 1020 ShellHWDetection - ok
03:05:59.0927 1020 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
03:05:59.0927 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sisraid2.sys. md5: 7A5DE502AEB719D4594C6471060A78B3
03:05:59.0936 1020 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
03:05:59.0936 1020 SiSRaid2 - detected LockedFile.Multi.Generic (1)
03:05:59.0972 1020 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
03:05:59.0972 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sisraid4.sys. md5: 3A2F769FAB9582BC720E11EA1DFB184D
03:05:59.0975 1020 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
03:05:59.0975 1020 SiSRaid4 - detected LockedFile.Multi.Generic (1)
03:06:00.0048 1020 [ 8C5477EB1C03CA76CD8EB66A610A9E90 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:06:00.0059 1020 SkypeUpdate - ok
03:06:00.0133 1020 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
03:06:00.0371 1020 slsvc - ok
03:06:00.0501 1020 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
03:06:00.0548 1020 SLUINotify - ok
03:06:00.0599 1020 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:06:00.0599 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 290B6F6A0EC4FCDFC90F5CB6D7020473
03:06:00.0621 1020 Smb ( LockedFile.Multi.Generic ) - warning
03:06:00.0621 1020 Smb - detected LockedFile.Multi.Generic (1)
03:06:00.0663 1020 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:06:00.0681 1020 SNMPTRAP - ok
03:06:00.0972 1020 [ 8B28F3CB8AD97924BFFF94922018B3D8 ] SNP2STD C:\Windows\system32\DRIVERS\snp2sxp.sys
03:06:00.0972 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\snp2sxp.sys. md5: 8B28F3CB8AD97924BFFF94922018B3D8
03:06:01.0033 1020 SNP2STD ( LockedFile.Multi.Generic ) - warning
03:06:01.0033 1020 SNP2STD - detected LockedFile.Multi.Generic (1)
03:06:01.0054 1020 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
03:06:01.0055 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: 386C3C63F00A7040C7EC5E384217E89D
03:06:01.0057 1020 spldr ( LockedFile.Multi.Generic ) - warning
03:06:01.0057 1020 spldr - detected LockedFile.Multi.Generic (1)
03:06:01.0089 1020 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
03:06:01.0106 1020 Spooler - ok
03:06:01.0136 1020 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
03:06:01.0137 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 880A57FCCB571EBD063D4DD50E93E46D
03:06:01.0141 1020 srv ( LockedFile.Multi.Generic ) - warning
03:06:01.0141 1020 srv - detected LockedFile.Multi.Generic (1)
03:06:01.0164 1020 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:06:01.0164 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: A1AD14A6D7A37891FFFECA35EBBB0730
03:06:01.0167 1020 srv2 ( LockedFile.Multi.Generic ) - warning
03:06:01.0167 1020 srv2 - detected LockedFile.Multi.Generic (1)
03:06:01.0192 1020 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:06:01.0192 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 4BED62F4FA4D8300973F1151F4C4D8A7
03:06:01.0194 1020 srvnet ( LockedFile.Multi.Generic ) - warning
03:06:01.0194 1020 srvnet - detected LockedFile.Multi.Generic (1)
03:06:01.0221 1020 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:06:01.0247 1020 SSDPSRV - ok
03:06:01.0293 1020 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:06:01.0316 1020 SstpSvc - ok
03:06:01.0340 1020 Steam Client Service - ok
03:06:01.0388 1020 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
03:06:01.0448 1020 stisvc - ok
03:06:01.0493 1020 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
03:06:01.0494 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\swenum.sys. md5: 8A851CA908B8B974F89C50D2E18D4F0C
03:06:01.0508 1020 swenum ( LockedFile.Multi.Generic ) - warning
03:06:01.0508 1020 swenum - detected LockedFile.Multi.Generic (1)
03:06:01.0629 1020 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:06:01.0643 1020 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
03:06:01.0643 1020 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
03:06:01.0696 1020 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
03:06:01.0766 1020 swprv - ok
03:06:01.0809 1020 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
03:06:01.0810 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\symc8xx.sys. md5: 2F26A2C6FC96B29BEFF5D8ED74E6625B
03:06:01.0840 1020 Symc8xx ( LockedFile.Multi.Generic ) - warning
03:06:01.0840 1020 Symc8xx - detected LockedFile.Multi.Generic (1)
03:06:01.0882 1020 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
03:06:01.0882 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sym_hi.sys. md5: A909667976D3BCCD1DF813FED517D837
03:06:01.0885 1020 Sym_hi ( LockedFile.Multi.Generic ) - warning
03:06:01.0885 1020 Sym_hi - detected LockedFile.Multi.Generic (1)
03:06:01.0933 1020 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
03:06:01.0934 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sym_u3.sys. md5: 36887B56EC2D98B9C362F6AE4DE5B7B0
03:06:01.0937 1020 Sym_u3 ( LockedFile.Multi.Generic ) - warning
03:06:01.0937 1020 Sym_u3 - detected LockedFile.Multi.Generic (1)
03:06:01.0998 1020 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
03:06:02.0072 1020 SysMain - ok
03:06:02.0111 1020 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:06:02.0130 1020 TabletInputService - ok
03:06:02.0228 1020 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
03:06:02.0228 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\taphss.sys. md5: F33FDC72298DF4BF9813A55D21F4EB31
03:06:02.0252 1020 taphss ( LockedFile.Multi.Generic ) - warning
03:06:02.0252 1020 taphss - detected LockedFile.Multi.Generic (1)
03:06:02.0281 1020 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
03:06:02.0303 1020 TapiSrv - ok
03:06:02.0334 1020 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
03:06:02.0361 1020 TBS - ok
03:06:02.0412 1020 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:06:02.0412 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: 46D448E9117464E4D3BBF36D7E3FA48E
03:06:02.0418 1020 Tcpip ( LockedFile.Multi.Generic ) - warning
03:06:02.0418 1020 Tcpip - detected LockedFile.Multi.Generic (1)
03:06:02.0437 1020 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
03:06:02.0437 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 46D448E9117464E4D3BBF36D7E3FA48E
03:06:02.0441 1020 Tcpip6 ( LockedFile.Multi.Generic ) - warning
03:06:02.0441 1020 Tcpip6 - detected LockedFile.Multi.Generic (1)
03:06:02.0467 1020 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:06:02.0467 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: C7E72A4071EE0200E3C075DACFB2B334
03:06:02.0469 1020 tcpipreg ( LockedFile.Multi.Generic ) - warning
03:06:02.0469 1020 tcpipreg - detected LockedFile.Multi.Generic (1)
03:06:02.0489 1020 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:06:02.0489 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 1D8BF4AAA5FB7A2761475781DC1195BC
03:06:02.0502 1020 TDPIPE ( LockedFile.Multi.Generic ) - warning
03:06:02.0502 1020 TDPIPE - detected LockedFile.Multi.Generic (1)
03:06:02.0533 1020 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:06:02.0533 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 7F7E00CDF609DF657F4CDA02DD1C9BB1
03:06:02.0535 1020 TDTCP ( LockedFile.Multi.Generic ) - warning
03:06:02.0535 1020 TDTCP - detected LockedFile.Multi.Generic (1)
03:06:02.0580 1020 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:06:02.0580 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: 458919C8C42E398DC4802178D5FFEE27
03:06:02.0599 1020 tdx ( LockedFile.Multi.Generic ) - warning
03:06:02.0599 1020 tdx - detected LockedFile.Multi.Generic (1)
03:06:02.0630 1020 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
03:06:02.0630 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\termdd.sys. md5: 8C19678D22649EC002EF2282EAE92F98
03:06:02.0632 1020 TermDD ( LockedFile.Multi.Generic ) - warning
03:06:02.0632 1020 TermDD - detected LockedFile.Multi.Generic (1)
03:06:02.0667 1020 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
03:06:02.0693 1020 TermService - ok
03:06:02.0743 1020 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
03:06:02.0744 1020 Suspicious file (NoAccess): C:\Windows\System32\Drivers\TFsExDisk.sys. md5: CE4B6956E4E12492715A53076E58761F
03:06:02.0747 1020 TFsExDisk ( LockedFile.Multi.Generic ) - warning
03:06:02.0747 1020 TFsExDisk - detected LockedFile.Multi.Generic (1)
03:06:02.0769 1020 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
03:06:02.0782 1020 Themes - ok
03:06:02.0803 1020 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
03:06:02.0834 1020 THREADORDER - ok
03:06:02.0896 1020 [ 69A7B3E2DA1D754ED33DE11E52B7F0D3 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
03:06:02.0905 1020 TomTomHOMEService - ok
03:06:02.0960 1020 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
03:06:02.0992 1020 TrkWks - ok
03:06:03.0043 1020 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:06:03.0073 1020 TrustedInstaller - ok
03:06:03.0126 1020 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:06:03.0126 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 9E5409CD17C8BEF193AAD498F3BC2CB8
03:06:03.0128 1020 tssecsrv ( LockedFile.Multi.Generic ) - warning
03:06:03.0128 1020 tssecsrv - detected LockedFile.Multi.Generic (1)
03:06:03.0168 1020 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
03:06:03.0168 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunmp.sys. md5: 89EC74A9E602D16A75A4170511029B3C
03:06:03.0183 1020 tunmp ( LockedFile.Multi.Generic ) - warning
03:06:03.0183 1020 tunmp - detected LockedFile.Multi.Generic (1)
03:06:03.0215 1020 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
03:06:03.0215 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 30A9B3F45AD081BFFC3BCAA9C812B609
03:06:03.0217 1020 tunnel ( LockedFile.Multi.Generic ) - warning
03:06:03.0217 1020 tunnel - detected LockedFile.Multi.Generic (1)
03:06:03.0251 1020 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
03:06:03.0251 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\uagp35.sys. md5: FEC266EF401966311744BD0F359F7F56
03:06:03.0254 1020 uagp35 ( LockedFile.Multi.Generic ) - warning
03:06:03.0254 1020 uagp35 - detected LockedFile.Multi.Generic (1)
03:06:03.0298 1020 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
03:06:03.0299 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FAF2640A2A76ED03D449E443194C4C34
03:06:03.0301 1020 udfs ( LockedFile.Multi.Generic ) - warning
03:06:03.0301 1020 udfs - detected LockedFile.Multi.Generic (1)
03:06:03.0347 1020 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
03:06:03.0379 1020 UI0Detect - ok
03:06:03.0442 1020 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
03:06:03.0443 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4EC9447AC3AB462647F60E547208CA00
03:06:03.0468 1020 uliagpkx ( LockedFile.Multi.Generic ) - warning
03:06:03.0468 1020 uliagpkx - detected LockedFile.Multi.Generic (1)
03:06:03.0501 1020 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
03:06:03.0501 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliahci.sys. md5: 697F0446134CDC8F99E69306184FBBB4
03:06:03.0504 1020 uliahci ( LockedFile.Multi.Generic ) - warning
03:06:03.0504 1020 uliahci - detected LockedFile.Multi.Generic (1)
03:06:03.0526 1020 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
03:06:03.0526 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ulsata.sys. md5: 31707F09846056651EA2C37858F5DDB0
03:06:03.0529 1020 UlSata ( LockedFile.Multi.Generic ) - warning
03:06:03.0529 1020 UlSata - detected LockedFile.Multi.Generic (1)
03:06:03.0552 1020 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
03:06:03.0553 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ulsata2.sys. md5: 85E5E43ED5B48C8376281BAB519271B7
03:06:03.0556 1020 ulsata2 ( LockedFile.Multi.Generic ) - warning
03:06:03.0556 1020 ulsata2 - detected LockedFile.Multi.Generic (1)
03:06:03.0573 1020 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
03:06:03.0574 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: 46E9A994C4FED537DD951F60B86AD3F4
03:06:03.0576 1020 umbus ( LockedFile.Multi.Generic ) - warning
03:06:03.0576 1020 umbus - detected LockedFile.Multi.Generic (1)
03:06:03.0616 1020 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
03:06:03.0715 1020 upnphost - ok
03:06:03.0748 1020 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
03:06:03.0748 1020 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbaapl64.sys. md5: AA33FC47ED58C34E6E9261E4F850B7EB
03:06:03.0757 1020 USBAAPL64 ( LockedFile.Multi.Generic ) - warning
03:06:03.0758 1020 USBAAPL64 - detected LockedFile.Multi.Generic (1)
03:06:03.0791 1020 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
03:06:03.0791 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbaudio.sys. md5: C6BA890DE6E41857FBE84175519CAE7D
03:06:03.0793 1020 usbaudio ( LockedFile.Multi.Generic ) - warning
03:06:03.0793 1020 usbaudio - detected LockedFile.Multi.Generic (1)
03:06:03.0840 1020 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
03:06:03.0840 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 07E3498FC60834219D2356293DA0FECC
03:06:03.0843 1020 usbccgp ( LockedFile.Multi.Generic ) - warning
03:06:03.0843 1020 usbccgp - detected LockedFile.Multi.Generic (1)
03:06:03.0887 1020 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
03:06:03.0887 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: 9247F7E0B65852C1F6631480984D6ED2
03:06:03.0891 1020 usbcir ( LockedFile.Multi.Generic ) - warning
03:06:03.0891 1020 usbcir - detected LockedFile.Multi.Generic (1)
03:06:03.0908 1020 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
03:06:03.0908 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: 827E44DE934A736EA31E91D353EB126F
03:06:03.0911 1020 usbehci ( LockedFile.Multi.Generic ) - warning
03:06:03.0911 1020 usbehci - detected LockedFile.Multi.Generic (1)
03:06:03.0977 1020 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
03:06:03.0977 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: BB35CD80A2ECECFADC73569B3D70C7D1
03:06:04.0004 1020 usbhub ( LockedFile.Multi.Generic ) - warning
03:06:04.0004 1020 usbhub - detected LockedFile.Multi.Generic (1)
03:06:04.0026 1020 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
03:06:04.0026 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: EBA14EF0C07CEC233F1529C698D0D154
03:06:04.0028 1020 usbohci ( LockedFile.Multi.Generic ) - warning
03:06:04.0028 1020 usbohci - detected LockedFile.Multi.Generic (1)
03:06:04.0058 1020 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
03:06:04.0058 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 28B693B6D31E7B9332C1BDCEFEF228C1
03:06:04.0061 1020 usbprint ( LockedFile.Multi.Generic ) - warning
03:06:04.0061 1020 usbprint - detected LockedFile.Multi.Generic (1)
03:06:04.0099 1020 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
03:06:04.0099 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: EA0BF666868964FBE8CB10E50C97B9F1
03:06:04.0116 1020 usbscan ( LockedFile.Multi.Generic ) - warning
03:06:04.0116 1020 usbscan - detected LockedFile.Multi.Generic (1)
03:06:04.0170 1020 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:06:04.0170 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: B854C1558FCA0C269A38663E8B59B581
03:06:04.0173 1020 USBSTOR ( LockedFile.Multi.Generic ) - warning
03:06:04.0173 1020 USBSTOR - detected LockedFile.Multi.Generic (1)
03:06:04.0217 1020 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
03:06:04.0218 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: B2872CBF9F47316ABD0E0C74A1ABA507
03:06:04.0243 1020 usbuhci ( LockedFile.Multi.Generic ) - warning
03:06:04.0243 1020 usbuhci - detected LockedFile.Multi.Generic (1)
03:06:04.0269 1020 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
03:06:04.0306 1020 UxSms - ok
03:06:04.0344 1020 [ 8FC6E3D302550A06C7C5DB9F1AB54193 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
03:06:04.0345 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\VClone.sys. md5: 8FC6E3D302550A06C7C5DB9F1AB54193
03:06:04.0348 1020 VClone ( LockedFile.Multi.Generic ) - warning
03:06:04.0348 1020 VClone - detected LockedFile.Multi.Generic (1)
03:06:04.0400 1020 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
03:06:04.0463 1020 vds - ok
03:06:04.0504 1020 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
03:06:04.0504 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: 916B94BCF1E09873FFF2D5FB11767BBC
03:06:04.0527 1020 vga ( LockedFile.Multi.Generic ) - warning
03:06:04.0527 1020 vga - detected LockedFile.Multi.Generic (1)
03:06:04.0575 1020 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
03:06:04.0575 1020 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: B83AB16B51FEDA65DD81B8C59D114D63
03:06:04.0579 1020 VgaSave ( LockedFile.Multi.Generic ) - warning
03:06:04.0579 1020 VgaSave - detected LockedFile.Multi.Generic (1)
03:06:04.0632 1020 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
03:06:04.0632 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: 8294B6C3FDB6C33F24E150DE647ECDAA
03:06:04.0634 1020 viaide ( LockedFile.Multi.Generic ) - warning
03:06:04.0634 1020 viaide - detected LockedFile.Multi.Generic (1)
03:06:04.0651 1020 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
03:06:04.0652 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: 2B7E885ED951519A12C450D24535DFCA
03:06:04.0654 1020 volmgr ( LockedFile.Multi.Generic ) - warning
03:06:04.0654 1020 volmgr - detected LockedFile.Multi.Generic (1)
03:06:04.0692 1020 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
03:06:04.0692 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: CEC5AC15277D75D9E5DEC2E1C6EAF877
03:06:04.0694 1020 volmgrx ( LockedFile.Multi.Generic ) - warning
03:06:04.0695 1020 volmgrx - detected LockedFile.Multi.Generic (1)
03:06:04.0719 1020 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
03:06:04.0719 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 5280AADA24AB36B01A84A6424C475C8D
03:06:04.0732 1020 volsnap ( LockedFile.Multi.Generic ) - warning
03:06:04.0732 1020 volsnap - detected LockedFile.Multi.Generic (1)
03:06:04.0756 1020 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
03:06:04.0756 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\vsmraid.sys. md5: A68F455ED2673835209318DD61BFBB0E
03:06:04.0774 1020 vsmraid ( LockedFile.Multi.Generic ) - warning
03:06:04.0774 1020 vsmraid - detected LockedFile.Multi.Generic (1)
03:06:04.0826 1020 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
03:06:05.0009 1020 VSS - ok
03:06:05.0058 1020 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
03:06:05.0129 1020 W32Time - ok
03:06:05.0191 1020 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
03:06:05.0191 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\wacompen.sys. md5: FEF8FE5923FEAD2CEE4DFABFCE3393A7
03:06:05.0219 1020 WacomPen ( LockedFile.Multi.Generic ) - warning
03:06:05.0219 1020 WacomPen - detected LockedFile.Multi.Generic (1)
03:06:05.0267 1020 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
03:06:05.0267 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: B8E7049622300D20BA6D8BE0C47C0CFD
03:06:05.0271 1020 Wanarp ( LockedFile.Multi.Generic ) - warning
03:06:05.0271 1020 Wanarp - detected LockedFile.Multi.Generic (1)
03:06:05.0278 1020 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
03:06:05.0278 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: B8E7049622300D20BA6D8BE0C47C0CFD
03:06:05.0281 1020 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
03:06:05.0281 1020 Wanarpv6 - detected LockedFile.Multi.Generic (1)
03:06:05.0339 1020 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
03:06:05.0391 1020 wcncsvc - ok
03:06:05.0427 1020 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:06:05.0457 1020 WcsPlugInService - ok
03:06:05.0472 1020 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
03:06:05.0473 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\wd.sys. md5: 0C17A0816F65B89E362E682AD5E7266E
03:06:05.0475 1020 Wd ( LockedFile.Multi.Generic ) - warning
03:06:05.0475 1020 Wd - detected LockedFile.Multi.Generic (1)
03:06:05.0525 1020 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
03:06:05.0526 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wdcsam64.sys. md5: A3D04EBF5227886029B4532F20D026F7
03:06:05.0528 1020 WDC_SAM ( LockedFile.Multi.Generic ) - warning
03:06:05.0528 1020 WDC_SAM - detected LockedFile.Multi.Generic (1)
03:06:05.0562 1020 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
03:06:05.0563 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: D02E7E4567DA1E7582FBF6A91144B0DF
03:06:05.0575 1020 Wdf01000 ( LockedFile.Multi.Generic ) - warning
03:06:05.0575 1020 Wdf01000 - detected LockedFile.Multi.Generic (1)
03:06:05.0594 1020 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
03:06:05.0644 1020 WdiServiceHost - ok
03:06:05.0654 1020 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
03:06:05.0694 1020 WdiSystemHost - ok
03:06:05.0736 1020 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
03:06:05.0762 1020 WebClient - ok
03:06:05.0810 1020 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
03:06:05.0835 1020 Wecsvc - ok
03:06:05.0871 1020 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
03:06:05.0890 1020 wercplsupport - ok
03:06:05.0920 1020 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
03:06:05.0944 1020 WerSvc - ok
03:06:05.0986 1020 WinDefend - ok
03:06:06.0000 1020 WinHttpAutoProxySvc - ok
03:06:06.0051 1020 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
03:06:06.0078 1020 Winmgmt - ok
03:06:06.0172 1020 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
03:06:06.0255 1020 WinRM - ok
03:06:06.0304 1020 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
03:06:06.0343 1020 Wlansvc - ok
03:06:06.0450 1020 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:06:06.0630 1020 wlidsvc - ok
03:06:06.0755 1020 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
03:06:06.0756 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: E18AEBAAA5A773FE11AA2C70F65320F5
03:06:06.0780 1020 WmiAcpi ( LockedFile.Multi.Generic ) - warning
03:06:06.0780 1020 WmiAcpi - detected LockedFile.Multi.Generic (1)
03:06:06.0858 1020 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
03:06:06.0899 1020 wmiApSrv - ok
03:06:06.0927 1020 WMPNetworkSvc - ok
03:06:06.0974 1020 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
03:06:06.0997 1020 WPCSvc - ok
03:06:07.0033 1020 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
03:06:07.0064 1020 WPDBusEnum - ok
03:06:07.0101 1020 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
03:06:07.0101 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wpdusb.sys. md5: 5E2401B3FC1089C90E081291357371A9
03:06:07.0103 1020 WpdUsb ( LockedFile.Multi.Generic ) - warning
03:06:07.0103 1020 WpdUsb - detected LockedFile.Multi.Generic (1)
03:06:07.0235 1020 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:06:07.0293 1020 WPFFontCache_v0400 - ok
03:06:07.0424 1020 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
03:06:07.0424 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 8A900348370E359B6BFF6A550E4649E1
03:06:07.0428 1020 ws2ifsl ( LockedFile.Multi.Generic ) - warning
03:06:07.0428 1020 ws2ifsl - detected LockedFile.Multi.Generic (1)
03:06:07.0486 1020 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
03:06:07.0505 1020 wscsvc - ok
03:06:07.0513 1020 WSearch - ok
03:06:07.0615 1020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
03:06:07.0799 1020 wuauserv - ok
03:06:07.0893 1020 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
03:06:07.0893 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 501A65252617B495C0F1832F908D54D8
03:06:07.0907 1020 WUDFRd ( LockedFile.Multi.Generic ) - warning
03:06:07.0907 1020 WUDFRd - detected LockedFile.Multi.Generic (1)
03:06:07.0976 1020 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
03:06:08.0015 1020 wudfsvc - ok
03:06:08.0080 1020 X6va005 - ok
03:06:08.0151 1020 [ 2AE06B41B36549FABF0886B2AF89A599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
03:06:08.0151 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\yk60x64.sys. md5: 2AE06B41B36549FABF0886B2AF89A599
03:06:08.0182 1020 yukonx64 ( LockedFile.Multi.Generic ) - warning
03:06:08.0182 1020 yukonx64 - detected LockedFile.Multi.Generic (1)
03:06:08.0197 1020 ================ Scan global ===============================
03:06:08.0220 1020 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
03:06:08.0245 1020 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:06:08.0256 1020 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:06:08.0279 1020 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
03:06:08.0281 1020 [Global] - ok
03:06:08.0281 1020 ================ Scan MBR ==================================
03:06:08.0283 1020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
03:06:08.0341 1020 \Device\Harddisk0\DR0 - ok
03:06:08.0356 1020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
03:06:08.0447 1020 \Device\Harddisk1\DR1 - ok
03:06:08.0457 1020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
03:06:08.0803 1020 \Device\Harddisk2\DR2 - ok
03:06:08.0803 1020 ================ Scan VBR ==================================
03:06:08.0805 1020 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
03:06:08.0805 1020 \Device\Harddisk0\DR0\Partition1 - ok
03:06:08.0807 1020 [ D519E97E6F29C24AF444FDA9AF25E828 ] \Device\Harddisk0\DR0\Partition2
03:06:08.0808 1020 \Device\Harddisk0\DR0\Partition2 - ok
03:06:08.0810 1020 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
03:06:08.0810 1020 \Device\Harddisk1\DR1\Partition1 - ok
03:06:08.0836 1020 [ 9DCB8F908916BF527DBBE11F68CF49CD ] \Device\Harddisk1\DR1\Partition2
03:06:08.0837 1020 \Device\Harddisk1\DR1\Partition2 - ok
03:06:08.0839 1020 [ A2E83A16EE0F3656564574A36EF0FADC ] \Device\Harddisk2\DR2\Partition1
03:06:08.0840 1020 \Device\Harddisk2\DR2\Partition1 - ok
03:06:08.0840 1020 ============================================================
03:06:08.0840 1020 Scan finished
03:06:08.0840 1020 ============================================================
03:06:08.0846 3612 Detected object count: 173
03:06:08.0846 3612 Actual detected object count: 173
03:07:30.0391 3612 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys - copied to quarantine
03:07:30.0418 3612 HKLM\SYSTEM\ControlSet001\services\ab4ace225aba4d0 - will be deleted on reboot
03:07:30.0443 3612 HKLM\SYSTEM\ControlSet003\services\ab4ace225aba4d0 - will be deleted on reboot
03:07:30.0686 3612 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys - will be deleted on reboot
03:07:30.0686 3612 ab4ace225aba4d0 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
03:07:30.0687 3612 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0687 3612 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0689 3612 GEARAspiWDM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0689 3612 GEARAspiWDM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0690 3612 hamachi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0690 3612 hamachi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0692 3612 HidBth ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0692 3612 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0693 3612 HidIr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0693 3612 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0695 3612 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0695 3612 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0696 3612 HTTP ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0696 3612 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0698 3612 i2omp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0698 3612 i2omp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0699 3612 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0699 3612 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0701 3612 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0701 3612 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0702 3612 intelide ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0702 3612 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0704 3612 intelppm ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0704 3612 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0705 3612 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0705 3612 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0707 3612 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0707 3612 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0708 3612 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0708 3612 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0710 3612 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0710 3612 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0711 3612 isapnp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0711 3612 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0713 3612 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0713 3612 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0714 3612 iteatapi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0714 3612 iteatapi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0716 3612 iteraid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0716 3612 iteraid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0717 3612 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0717 3612 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0719 3612 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0719 3612 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0720 3612 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0720 3612 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0722 3612 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0722 3612 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0723 3612 lltdio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0723 3612 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0725 3612 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0725 3612 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0726 3612 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0726 3612 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0728 3612 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0728 3612 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0729 3612 luafv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0729 3612 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0731 3612 megasas ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0731 3612 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0732 3612 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0732 3612 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0734 3612 Modem ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0734 3612 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0735 3612 monitor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0735 3612 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0737 3612 mouclass ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0737 3612 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0738 3612 mouhid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0738 3612 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0740 3612 MountMgr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0740 3612 MountMgr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0741 3612 mpio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0741 3612 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0742 3612 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0743 3612 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0744 3612 Mraid35x ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0744 3612 Mraid35x ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0745 3612 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0746 3612 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0747 3612 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0747 3612 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0748 3612 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0749 3612 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0750 3612 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0750 3612 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0751 3612 msahci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0751 3612 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0753 3612 msdsm ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0753 3612 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0754 3612 Msfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0754 3612 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0756 3612 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0756 3612 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0757 3612 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0757 3612 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0759 3612 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0759 3612 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0760 3612 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0760 3612 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0762 3612 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0762 3612 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0763 3612 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0763 3612 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0765 3612 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0765 3612 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0766 3612 MTsensor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0766 3612 MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0768 3612 Mup ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0768 3612 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0769 3612 mv61xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0769 3612 mv61xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0771 3612 mv64xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0771 3612 mv64xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0772 3612 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0772 3612 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0774 3612 NDIS ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0774 3612 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0775 3612 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0775 3612 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0777 3612 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0777 3612 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0778 3612 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0778 3612 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0780 3612 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0780 3612 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0781 3612 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0782 3612 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0783 3612 netbt ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0783 3612 netbt ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0784 3612 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0784 3612 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0786 3612 Npfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0786 3612 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0787 3612 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0787 3612 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0789 3612 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0789 3612 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0790 3612 Null ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0790 3612 Null ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0792 3612 nvraid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0792 3612 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0793 3612 nvstor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0793 3612 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0795 3612 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0795 3612 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0796 3612 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0796 3612 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0798 3612 Parport ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0798 3612 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0799 3612 partmgr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0799 3612 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0801 3612 pci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0801 3612 pci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0802 3612 pciide ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0802 3612 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0804 3612 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0804 3612 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0805 3612 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0805 3612 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0806 3612 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0806 3612 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0807 3612 Processor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0807 3612 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0807 3612 PS3 Media Server ( UnsignedFile.Multi.Generic ) - skipped by user
03:07:30.0807 3612 PS3 Media Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:07:30.0808 3612 PSched ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0808 3612 PSched ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0809 3612 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0809 3612 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0810 3612 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0810 3612 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0811 3612 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0811 3612 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0812 3612 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0812 3612 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0813 3612 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0813 3612 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0814 3612 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0814 3612 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0814 3612 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0814 3612 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0815 3612 rdbss ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0815 3612 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0816 3612 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0816 3612 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0817 3612 rdpdr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0817 3612 rdpdr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0818 3612 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0818 3612 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0819 3612 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0819 3612 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0820 3612 RivaTuner64 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0820 3612 RivaTuner64 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0821 3612 rspndr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0821 3612 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0821 3612 RTHDMIAzAudService ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0821 3612 RTHDMIAzAudService ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0822 3612 SASDIFSV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0822 3612 SASDIFSV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0823 3612 SASKUTIL ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0823 3612 SASKUTIL ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0824 3612 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0824 3612 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0825 3612 secdrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0825 3612 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0826 3612 Serenum ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0826 3612 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0827 3612 Serial ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0827 3612 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0828 3612 sermouse ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0828 3612 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0829 3612 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0829 3612 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0830 3612 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0830 3612 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0831 3612 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0831 3612 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0831 3612 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0831 3612 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0832 3612 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0832 3612 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0833 3612 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0833 3612 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0834 3612 Smb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0834 3612 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0835 3612 SNP2STD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0835 3612 SNP2STD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0836 3612 spldr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0836 3612 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0837 3612 srv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0837 3612 srv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0838 3612 srv2 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0838 3612 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0838 3612 srvnet ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0838 3612 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0839 3612 swenum ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0839 3612 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0840 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
03:07:30.0840 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:07:30.0841 3612 Symc8xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0841 3612 Symc8xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0842 3612 Sym_hi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0842 3612 Sym_hi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0843 3612 Sym_u3 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0843 3612 Sym_u3 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0844 3612 taphss ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0844 3612 taphss ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0844 3612 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0845 3612 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0845 3612 Tcpip6 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0845 3612 Tcpip6 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0846 3612 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0846 3612 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0847 3612 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0847 3612 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0848 3612 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0848 3612 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0849 3612 tdx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0849 3612 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0850 3612 TermDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0850 3612 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0851 3612 TFsExDisk ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0851 3612 TFsExDisk ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0851 3612 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0852 3612 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0852 3612 tunmp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0852 3612 tunmp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0853 3612 tunnel ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0853 3612 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0854 3612 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0854 3612 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0855 3612 udfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0855 3612 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0856 3612 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0856 3612 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0857 3612 uliahci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0857 3612 uliahci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0857 3612 UlSata ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0857 3612 UlSata ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0858 3612 ulsata2 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0858 3612 ulsata2 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0859 3612 umbus ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0859 3612 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0860 3612 USBAAPL64 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0860 3612 USBAAPL64 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0860 3612 usbaudio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0861 3612 usbaudio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0861 3612 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0861 3612 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0862 3612 usbcir ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0862 3612 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0863 3612 usbehci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0863 3612 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0864 3612 usbhub ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0864 3612 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0865 3612 usbohci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0865 3612 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0866 3612 usbprint ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0866 3612 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0867 3612 usbscan ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0867 3612 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0867 3612 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0868 3612 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0868 3612 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0868 3612 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0869 3612 VClone ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0869 3612 VClone ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0870 3612 vga ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0870 3612 vga ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0871 3612 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0871 3612 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0872 3612 viaide ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0872 3612 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0873 3612 volmgr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0873 3612 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0874 3612 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0874 3612 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0874 3612 volsnap ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0874 3612 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0875 3612 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0875 3612 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0876 3612 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0876 3612 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0877 3612 Wanarp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0877 3612 Wanarp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0878 3612 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0878 3612 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0879 3612 Wd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0879 3612 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0880 3612 WDC_SAM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0880 3612 WDC_SAM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0881 3612 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0881 3612 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0881 3612 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0881 3612 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0882 3612 WpdUsb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0882 3612 WpdUsb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0883 3612 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0883 3612 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0884 3612 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0884 3612 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0885 3612 yukonx64 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0885 3612 yukonx64 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:52.0045 3632 Deinitialize success
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.02.01
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: 166005-PC [administrator]
Protection: Disabled
02/09/2012 03:35:49
mbam-log-2012-09-02 (03-35-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 217232
Time elapsed: 8 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/09/2012 04:20:23
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/09/2012 03:13:11
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/09/2012 04:21:19
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/09/2012 03:13:10
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 02/09/2012 04:22:43 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
9.99 Gb Total Physical Memory | 7.89 Gb Available Physical Memory | 78.98% Memory free
19.97 Gb Paging File | 18.02 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 282.83 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS
Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/31 23:49:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/28 22:26:30 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
========== Services (SafeList) ==========
SRV:64bit: - [2012/08/26 23:53:23 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/06 21:11:51 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/07/15 18:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 16:54:08 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdvcoms.exe -- (lxdv_device)
SRV:64bit: - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV:64bit: - [2007/03/16 02:24:18 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device)
SRV - [2012/08/28 22:26:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/06 19:25:54 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 16:05:04 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/17 09:40:50 | 000,217,088 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2007/10/18 16:53:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdvcoms.exe -- (lxdv_device)
SRV - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2007/03/16 02:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbccoms.exe -- (lxbc_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 10:13:12 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/25 18:30:52 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/09/24 11:29:20 | 000,035,840 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2008/09/01 07:03:01 | 000,316,456 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2008/07/21 13:11:56 | 000,032,200 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/07/10 16:01:46 | 000,472,064 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/06/23 23:21:32 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/06 10:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/09/10 11:41:18 | 012,528,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2006/11/01 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011/06/14 13:40:52 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2007/09/05 13:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "ROTTEN TOMATOES"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/30 08:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/01 22:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions
[2011/01/03 04:15:19 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/07/18 00:53:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(31)
[2011/11/13 00:43:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(35)
[2010/02/23 13:37:04 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2010/03/11 00:11:42 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2009/12/09 17:36:52 | 000,000,000 | ---D | M] (Pterodactl) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2011/07/16 21:17:47 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\SkipScreen@SkipScreen(30)
[2011/02/17 08:13:03 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/03/22 03:05:48 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/07/25 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions
[2011/05/03 06:25:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/17 08:15:12 | 000,002,003 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\boltcd.xml
[2009/02/03 04:19:51 | 000,002,213 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\google-image-search.xml
[2011/06/21 22:37:56 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\hd-bb--index-page.xml
[2009/01/23 12:26:56 | 000,002,838 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\imdb-385.xml
[2009/12/10 21:34:43 | 000,001,504 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\mr-skin---search-results-for.xml
[2011/06/17 18:16:05 | 000,001,274 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\reddit.xml
[2009/01/27 19:09:26 | 000,002,137 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\rotten-tomatoes.xml
[2012/03/06 03:48:22 | 000,002,762 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-byskipity-uk.xml
[2012/02/05 22:23:31 | 000,002,291 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-uk.xml
[2012/03/08 22:50:16 | 000,002,710 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\skipity-search.xml
[2009/04/17 20:33:20 | 000,000,909 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\ultimate-guitar.xml
[2012/01/08 23:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 01:44:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}(0)
[2012/08/30 08:43:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/11 00:44:40 | 000,340,132 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/08/25 11:07:28 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/06/21 18:09:50 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/07/09 23:48:27 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/08/28 22:26:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/18 21:54:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/28 22:26:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 21:54:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/18 21:54:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/28 22:26:29 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/18 21:54:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: avast! WebRep = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
O1 HOSTS File: ([2012/09/02 02:54:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9441A29-21BA-4127-8E6F-996D74C7079E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/26 23:33:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: FixCamera - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Lexmark X5400 Series - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: lxdvamon - hkey= - key= - C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe ()
MsConfig:64bit - StartUpReg: lxdvmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe ()
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: snp2std - hkey= - key= - C:\Windows\vsnp2std.exe (Sonix)
MsConfig:64bit - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: tsnp2std - hkey= - key= - C:\Windows\tsnp2std.exe ()
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: 98059560.sys - Driver
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 98059560.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: 98059560.sys - Driver
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 98059560.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {39144A18-31F9-C332-7A97-0BC28FFAB5D8} - Offline Browsing Pack
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3BFE1E82-0021-C2AB-4DE3-646CB754171C} - Browser Customizations
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5D5CF70B-F465-5619-443B-76DA0CA99232} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6BF93B1F-6DAD-3795-8D37-9A90F1B5AD4C} - Themes Setup
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A0766FB3-216B-D70D-A140-A545DCCBFF6A} -
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/02 04:07:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/02 03:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/02 03:34:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 03:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/02 03:07:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/02 03:03:34 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012/09/02 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/02 02:55:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/02 02:51:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/09/02 02:37:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/02 02:37:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/02 02:37:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/02 02:37:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/01 23:28:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/01 23:28:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/01 23:26:51 | 004,742,651 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/09/01 22:57:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/09/01 22:51:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/01 12:44:01 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FSS.exe
[2012/08/31 23:49:36 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/31 23:39:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/08/31 18:24:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/30 11:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/30 08:43:14 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/30 08:43:14 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/30 08:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/30 08:43:12 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/30 08:43:12 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/30 08:43:12 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/30 08:43:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/30 08:43:11 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/30 08:42:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/30 08:42:57 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/30 08:26:59 | 000,000,000 | ---D | C] -- C:\c2a434b5512df75af25a19
[2012/08/29 23:39:39 | 072,630,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Administrator\Desktop\msert.exe
[2012/08/29 17:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/29 17:58:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/29 17:58:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/29 17:58:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/29 17:58:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/29 17:58:25 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/29 17:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/27 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2012/08/27 12:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\maya
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Autodesk
[2012/08/26 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Inventor Server x64 Direct Connect
[2012/08/26 23:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/08/26 23:33:35 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012/08/26 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.nuke
[2012/08/26 23:30:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\cache
[2012/08/26 23:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nuke6.3v8
[2012/08/26 23:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/08/26 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/26 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/26 22:45:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Jacqui documents
[2012/08/26 22:00:17 | 135,734,440 | ---- | C] (The Foundry ) -- C:\Users\Administrator\Desktop\Nuke6.3v8-win-x86-release-64.exe
[2012/08/26 21:58:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Adobe Photoshop CS6
[2012/08/26 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/26 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/08/26 16:44:52 | 002,625,536 | ---- | C] (The Foundry) -- C:\Users\Administrator\Desktop\FLU_7.0v1_win-x86-release-32.exe
[2012/08/26 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Akamai
[2012/08/26 16:41:24 | 010,965,664 | ---- | C] (Akamai Technologies, Inc.) -- C:\Users\Administrator\Desktop\installer.exe
[2012/08/21 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Shiner
[2012/08/14 23:29:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/14 23:29:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/14 23:29:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/14 23:29:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/14 23:29:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/14 23:29:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/14 23:29:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/14 23:29:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/14 23:29:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/14 23:29:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/14 23:29:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/14 23:29:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/14 23:29:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/14 23:22:40 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 23:22:39 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/14 23:22:34 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
========== Files - Modified Within 30 Days ==========
[2012/09/02 04:27:10 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500UA.job
[2012/09/02 04:17:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\Administrator\Desktop\VEW.exe
[2012/09/02 04:11:54 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 04:11:54 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 04:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/02 04:06:58 | 004,009,167 | ---- | M] () -- C:\Users\Administrator\Desktop\ServicesRepair.exe
[2012/09/02 03:03:37 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012/09/02 02:54:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/01 23:27:09 | 004,742,651 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/09/01 22:57:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/09/01 12:44:04 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FSS.exe
[2012/08/31 23:49:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/31 23:39:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/08/31 18:24:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/31 18:24:30 | 000,600,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/31 18:24:30 | 000,108,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/31 00:48:26 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/08/30 18:51:46 | 000,231,424 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/30 08:50:41 | 000,000,732 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2012/08/30 08:43:11 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/30 08:43:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/30 08:30:40 | 000,722,410 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/29 23:42:02 | 072,630,320 | ---- | M] (Microsoft Corporation) -- C:\Users\Administrator\Desktop\msert.exe
[2012/08/29 23:15:51 | 490,275,803 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/29 17:58:02 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/29 17:57:54 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/29 17:57:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/29 17:57:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/29 17:57:53 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/29 17:57:53 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/29 14:27:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500Core.job
[2012/08/29 03:29:27 | 000,002,563 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Camtasia Recorder.lnk
[2012/08/29 01:29:24 | 000,712,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/28 21:06:08 | 255,358,211 | ---- | M] () -- C:\Users\Administrator\Desktop\GRIMES - (live @ Pier 84 8_9_12)(720p_H.264-AAC).mp4
[2012/08/28 05:57:01 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/27 14:27:07 | 002,029,424 | ---- | M] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk.autosave
[2012/08/27 13:56:54 | 000,017,666 | ---- | M] () -- C:\Users\Administrator\Desktop\green-screen.jpg
[2012/08/27 13:39:52 | 005,245,090 | ---- | M] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm(1).nk
[2012/08/27 13:39:14 | 005,245,090 | ---- | M] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm.nk
[2012/08/27 13:30:29 | 002,029,277 | ---- | M] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk
[2012/08/27 01:39:55 | 333,550,554 | ---- | M] () -- C:\Users\Administrator\Desktop\grimes.mp4
[2012/08/27 00:03:29 | 004,928,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/26 23:53:23 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
[2012/08/26 23:30:16 | 000,001,646 | ---- | M] () -- C:\Users\Administrator\Desktop\NukeX 6.3v8.lnk
[2012/08/26 23:30:16 | 000,001,636 | ---- | M] () -- C:\Users\Administrator\Desktop\Nuke 6.3v8.lnk
[2012/08/26 21:57:16 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/08/26 17:59:38 | 1630,552,088 | ---- | M] () -- C:\Users\Administrator\Desktop\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_64bit.exe
[2012/08/26 16:46:04 | 002,625,536 | ---- | M] (The Foundry) -- C:\Users\Administrator\Desktop\FLU_7.0v1_win-x86-release-32.exe
[2012/08/26 16:43:34 | 010,965,664 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\Desktop\installer.exe
[2012/08/22 07:28:42 | 000,002,083 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 10:13:12 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 10:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 10:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 10:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/17 08:31:17 | 000,000,208 | ---- | M] () -- C:\Users\Administrator\Desktop\Orcs Must Die! 2.url
========== Files Created - No Company Name ==========
[2012/09/02 04:17:55 | 000,061,440 | ---- | C] ( ) -- C:\Users\Administrator\Desktop\VEW.exe
[2012/09/02 04:06:48 | 004,009,167 | ---- | C] () -- C:\Users\Administrator\Desktop\ServicesRepair.exe
[2012/09/02 02:37:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/02 02:37:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/02 02:37:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/02 02:37:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/02 02:37:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/30 08:43:11 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/30 08:30:40 | 000,722,410 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/29 23:15:51 | 490,275,803 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/28 20:57:34 | 255,358,211 | ---- | C] () -- C:\Users\Administrator\Desktop\GRIMES - (live @ Pier 84 8_9_12)(720p_H.264-AAC).mp4
[2012/08/27 13:56:54 | 000,017,666 | ---- | C] () -- C:\Users\Administrator\Desktop\green-screen.jpg
[2012/08/27 13:39:52 | 005,245,090 | ---- | C] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm(1).nk
[2012/08/27 13:39:12 | 005,245,090 | ---- | C] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm.nk
[2012/08/27 13:31:33 | 002,029,424 | ---- | C] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk.autosave
[2012/08/27 13:30:28 | 002,029,277 | ---- | C] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk
[2012/08/27 01:30:20 | 333,550,554 | ---- | C] () -- C:\Users\Administrator\Desktop\grimes.mp4
[2012/08/26 23:53:23 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
[2012/08/26 23:30:16 | 000,001,646 | ---- | C] () -- C:\Users\Administrator\Desktop\NukeX 6.3v8.lnk
[2012/08/26 23:30:16 | 000,001,636 | ---- | C] () -- C:\Users\Administrator\Desktop\Nuke 6.3v8.lnk
[2012/08/26 23:25:48 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/08/26 23:25:05 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/08/26 23:24:16 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/08/26 23:23:51 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/08/26 23:21:55 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/08/26 23:21:50 | 000,001,350 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/08/26 21:57:16 | 000,000,954 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/08/26 21:57:16 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/08/26 16:45:17 | 1630,552,088 | ---- | C] () -- C:\Users\Administrator\Desktop\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_64bit.exe
[2012/08/20 13:42:26 | 000,608,711 | ---- | C] () -- C:\Users\Administrator\Desktop\P90X Calendar.pdf
[2012/08/17 08:31:17 | 000,000,208 | ---- | C] () -- C:\Users\Administrator\Desktop\Orcs Must Die! 2.url
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/13 05:26:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 19:47:31 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvserv.dll
[2011/10/25 19:47:31 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvusb1.dll
[2011/10/25 19:47:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvpmui.dll
[2011/10/25 19:47:31 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvlmpm.dll
[2011/10/25 19:47:31 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdvcomx.dll
[2011/10/25 19:47:31 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvinpa.dll
[2011/10/25 19:47:31 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDVinst.dll
[2011/10/25 19:47:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdviesc.dll
[2011/10/25 19:47:31 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvih.exe
[2011/10/25 19:47:31 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvprox.dll
[2011/10/25 19:47:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomc.dll
[2011/10/25 19:47:30 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvhbn3.dll
[2011/10/25 19:47:30 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcoms.exe
[2011/10/25 19:47:30 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcfg.exe
[2011/10/25 19:47:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomm.dll
[2011/10/25 19:37:36 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/06 03:57:03 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/06/24 04:58:38 | 000,000,336 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Drives Meter_Settings.ini
[2011/06/24 04:54:49 | 000,000,412 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\All CPU Meter_Settings.ini
[2011/04/11 17:23:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/03/08 18:59:11 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/08 18:59:10 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/08 18:59:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/06 00:53:53 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2009/03/21 05:03:24 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/01/21 18:46:49 | 000,231,424 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 18:25:26 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103SJ ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103UJ ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDP725050GLA360 ATA Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Lexmark USB Mass Storage USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE6 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE7 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE8 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 135266304
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 135266304
Hidden sectors: 0
DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 1048576
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\assembly\GAC_32\*.ini >
< %systemroot%\assembly\GAC_64\*.ini >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2011/03/13 05:27:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012/08/27 14:30:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/12/04 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2009/01/19 18:40:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI
[2012/08/27 12:24:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2010/12/14 00:30:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BITS
[2012/08/26 21:57:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/04/07 22:04:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX
[2009/09/17 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMCache
[2009/04/07 22:02:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dr. DivX 2.0 OSS
[2011/11/23 07:21:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2010/12/28 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2010/02/17 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2010/05/03 13:39:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Facebook
[2010/05/23 00:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FFSJ
[2010/08/23 11:43:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGet
[2010/08/23 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGetBHO
[2009/01/20 15:14:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Folding@home-gpu
[2012/06/05 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GameFly
[2009/03/11 01:20:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GrabIt
[2009/01/19 18:25:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2009/01/20 16:17:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2012/03/11 19:22:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lexmark Productivity Studio
[2009/01/21 17:33:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009/02/16 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2006/11/02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/05/26 19:47:28 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2009/01/26 19:21:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Games
[2011/03/17 09:51:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC
[2010/08/29 01:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/08/22 00:48:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nero
[2010/08/29 23:13:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2012/08/27 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2010/01/06 00:53:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2011/10/29 19:31:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real
[2011/01/09 03:27:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Replay Media Catcher 4
[2010/12/04 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2009/01/22 02:29:30 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2012/08/28 06:02:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2010/03/18 23:10:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony Corporation
[2012/05/03 00:17:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2012/08/29 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2011/09/06 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/22 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2
[2009/01/20 16:24:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TMP
[2009/09/10 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom
[2009/03/12 15:07:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TSO
[2011/08/25 00:07:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2011/03/29 18:52:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2012/08/30 02:32:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2009/01/21 23:58:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2010/05/07 12:01:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\X5400 Series
< MD5 for: ATAPI.SYS >
[2008/01/21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\erdnt\cache64\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CSRSS.EXE >
[2008/01/21 03:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/21 03:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe
< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: MSWSOCK.DLL >
[2008/01/21 03:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache86\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 03:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 08:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\erdnt\cache64\mswsock.dll
[2009/04/11 08:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 08:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll
< MD5 for: NAPINSP.DLL >
[2008/01/21 03:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/21 03:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/21 03:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/21 03:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll
< MD5 for: NLAAPI.DLL >
[2008/01/21 03:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/21 03:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/21 03:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/21 03:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll
< MD5 for: PNRPNSP.DLL >
[2008/01/21 03:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/21 03:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/21 03:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/21 03:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll
< MD5 for: SERVICES.EXE >
[2008/01/21 03:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\erdnt\cache64\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/21 03:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
< MD5 for: SVCHOST.EXE >
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WINRNR.DLL >
[2008/01/21 03:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/21 03:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/21 03:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SysWOW64\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 10:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll
< MD5 for: WSHELPER.DLL >
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 12:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 12:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/28 22:26:28 | 000,851,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/28 22:26:28 | 000,851,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/28 22:26:28 | 000,851,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemdrive%\$Recycle.Bin|@;true;true;true >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< End of report >
OTL Extras logfile created on: 02/09/2012 04:22:43 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
9.99 Gb Total Physical Memory | 7.89 Gb Available Physical Memory | 78.98% Memory free
19.97 Gb Paging File | 18.02 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 282.83 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS
Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FB 82 E0 A4 8A 4B CB 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1983ECCE-1555-4599-9267-66C00E21898A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E714360-4E4D-4400-B8ED-FF49FD8BC10A}" = lport=138 | protocol=17 | dir=in | app=system |
"{4AF5DA6D-1B2C-4108-8F4D-C457D6F28014}" = rport=139 | protocol=6 | dir=out | app=system |
"{8701DEA1-BFE9-4827-A177-AB496A453A7F}" = lport=445 | protocol=6 | dir=in | app=system |
"{A4F6DB6C-FD3F-4F3E-8E35-440550392B80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{B9BA9E0A-9069-4C58-B14A-661CC528A409}" = rport=137 | protocol=17 | dir=out | app=system |
"{C56FC6E1-2CA7-49B8-97E8-52707A0905E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{D0DF77B4-DB20-4239-B267-DEFF1155623D}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC483A8F-FEF9-419E-BF14-1067E711C127}" = lport=137 | protocol=17 | dir=in | app=system |
"{E266C946-D887-46E3-88A5-FA7F10DA0911}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E2BD0195-A332-4B8B-9138-ACE41C524665}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDDE57B9-9438-4E88-8CD0-41E3770C4069}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D522A44B-C6BB-487E-B660-4EB4ADC09ACD}" = protocol=58 | dir=out | [email protected],-28546 |
"{DF50B3E4-08BC-4395-A098-1CA021B704D9}" = protocol=58 | dir=in | [email protected],-28545 |
"{EF98B1B2-F72B-444C-962F-185127B70762}" = protocol=1 | dir=out | [email protected],-28544 |
"{FA1E80CA-EF55-4B59-A478-4630FC0DDE29}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{E60E0B5D-DB17-419C-A87D-6993026FB59F}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D3DDD300-CEBB-4F70-964A-7DABFAA12A0B}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java 6 Update 29 (64-bit)
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
"CCleaner" = CCleaner
"Lexmark X5400 Series" = Lexmark X5400 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nuke 6.3v8_is1" = Nuke 6.3v8
"XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{011009B3-FEDD-18E7-D54A-A968BE5987F8}" = GameFly
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30E1022C-17EB-482A-8C82-16B79B98C4E4}" = Express Gate Updater
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB PC Camera-268
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Applian FLV Player2.0.25" = Applian FLV Player
"avast" = avast! Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"FormatFactory" = FormatFactory 2.70
"GameFly" = GameFly
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0 (x86 en-GB)" = Mozilla Firefox 15.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"Rockstar Games Social Club" = Rockstar Games Social Club
"Spotify" = Spotify
"Steam App 102600" = Orcs Must Die!
"Steam App 201790" = Orcs Must Die! 2
"Steam App 24240" = PAYDAY: The Heist
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 91310" = Dead Island
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"TomTom HOME" = TomTom HOME 2.7.2.1825
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01/09/2012 23:13:10 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 08/06/2011 11:11:43 | Computer Name = 166005-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ System Events ]
Error - 01/09/2012 23:13:11 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 02-09-2012 at 04:46:33
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2012-02-15 18:25] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 20:59] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
C:\Windows\System32\dnsrslvr.dll
[2011-04-12 19:53] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-11 08:25] - [2009-04-11 08:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-06-13 16:08] - [2012-04-23 17:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****