win64/sirefef.AP trojan attack: Antivirus software disabled


#1 lil_jim
Hi. My computer was recently attacked by some sort of virus/malware. When the attack occurred my computer restarted itself automatically. I rebooted in safe mode and ran various malware and antivirus scans and quarantined and deleted whatever was found. As well as running MBAM, I ran SUPERAntiSpyware and Spybot S&D, each of which came up with another positive result, all of which were quarantined and deleted.

Malwarebytes Anti-Malware gave me the following result:

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Backdoor.Agent) -> Data: C:\Windows\Installer\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}\syshost.exe -> Quarantined and deleted successfully.

I also had detections from my AV software with the result: "win64/sirefef.AP trojan" which was also quarantined and deleted.

Even after the detections and deletions, whenever I load up Windows I get an error message: "Driver has failed to load. This program will not continue". I noticed my anti-virus software (ESET Smart Security) was turned off and I could not manually turn it back on again. I uninstalled it and tried to install Avast, and then MSE, with the same result of the error message. It will let me run the scans in safe mode, but not do any of the updates (in either safe or normal mode), and my AV seems to be permanently disabled, leading me to believe I have not eliminated all of the malware/virus from my computer.

Here is the OTL log:

OTL logfile created on: 31/08/2012 23:56:42 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

9.99 Gb Total Physical Memory | 7.90 Gb Available Physical Memory | 79.05% Memory free
19.97 Gb Paging File | 18.07 Gb Available in Paging File | 90.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 282.02 Gb Free Space | 60.55% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS

Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 23:49:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/02 00:45:41 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/12 13:40:53 | 000,932,528 | ---- | M] () -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
PRC - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/28 22:26:30 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/02 00:45:41 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/05/12 13:40:53 | 000,932,528 | ---- | M] () -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
MOD - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/26 23:53:23 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/06 21:11:51 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/07/15 18:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007/10/18 16:54:08 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdvcoms.exe -- (lxdv_device)
SRV:64bit: - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV:64bit: - [2007/03/16 02:24:18 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device)
SRV - [2012/08/28 22:26:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/06 19:25:54 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 16:05:04 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/17 09:40:50 | 000,217,088 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2007/10/18 16:53:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdvcoms.exe -- (lxdv_device)
SRV - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2007/03/16 02:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbccoms.exe -- (lxbc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 10:13:12 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/26 18:49:12 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/25 18:30:52 | 000,190,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/09/24 11:29:20 | 000,035,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2008/09/01 07:03:01 | 000,316,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2008/07/21 13:11:56 | 000,032,200 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/07/10 16:01:46 | 000,472,064 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/06/23 23:21:32 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/06 10:51:00 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/09/10 11:41:18 | 012,528,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2006/11/01 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2007/09/05 13:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ROTTEN TOMATOES"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "http://search.skipit.../?source=ab&q="
FF - prefs.js..network.proxy.http: "216.165.109.81"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/30 08:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/08/25 11:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions
[2011/04/09 15:49:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(26)
[2011/01/03 04:15:19 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/07/18 00:53:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(31)
[2011/11/13 00:43:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(35)
[2010/02/23 13:37:04 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2010/03/11 00:11:42 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2009/12/09 17:36:52 | 000,000,000 | ---D | M] (Pterodactl) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2011/07/16 21:17:47 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected](30)
[2011/02/17 08:13:03 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/03/22 03:05:48 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/07/25 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions
[2011/05/03 06:25:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/17 08:15:12 | 000,002,003 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\boltcd.xml
[2009/02/03 04:19:51 | 000,002,213 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\google-image-search.xml
[2011/06/21 22:37:56 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\hd-bb--index-page.xml
[2009/01/23 12:26:56 | 000,002,838 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\imdb-385.xml
[2009/12/10 21:34:43 | 000,001,504 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\mr-skin---search-results-for.xml
[2011/06/17 18:16:05 | 000,001,274 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\reddit.xml
[2009/01/27 19:09:26 | 000,002,137 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\rotten-tomatoes.xml
[2012/03/06 03:48:22 | 000,002,762 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-byskipity-uk.xml
[2012/02/05 22:23:31 | 000,002,291 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-uk.xml
[2012/03/08 22:50:16 | 000,002,710 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\skipity-search.xml
[2009/04/17 20:33:20 | 000,000,909 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\ultimate-guitar.xml
[2012/01/08 23:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 01:44:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}(0)
[2012/08/30 08:43:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/11 00:44:40 | 000,340,132 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/08/25 11:07:28 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/06/21 18:09:50 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/07/09 23:48:27 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/08/28 22:26:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/18 21:54:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/28 22:26:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 21:54:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/18 21:54:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/28 22:26:29 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/18 21:54:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: avast! WebRep = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2012/08/31 00:42:37 | 000,444,168 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15258 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9441A29-21BA-4127-8E6F-996D74C7079E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/26 23:33:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{0881c5fd-dfef-11de-9e3b-00248c02c0b7}\Shell\AutoRun\command - "" = N:\InstallTomTomHOME.exe
O33 - MountPoints2\{0e1e60c3-2029-11de-a573-00248c02c0b7}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\AutoRun\command - "" = J:\2j.cmd
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\explore\Command - "" = J:\2j.cmd
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\open\Command - "" = J:\2j.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 23:49:36 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/31 23:39:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/08/31 18:24:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/30 11:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/30 08:43:14 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/30 08:43:14 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/30 08:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/30 08:43:12 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/30 08:43:12 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/30 08:43:12 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/30 08:43:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/30 08:43:11 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/30 08:42:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/30 08:42:57 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/30 08:26:59 | 000,000,000 | ---D | C] -- C:\c2a434b5512df75af25a19
[2012/08/29 17:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/29 17:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/27 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2012/08/27 12:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\maya
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Autodesk
[2012/08/26 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Inventor Server x64 Direct Connect
[2012/08/26 23:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/08/26 23:33:35 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012/08/26 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.nuke
[2012/08/26 23:30:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\cache
[2012/08/26 23:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nuke6.3v8
[2012/08/26 23:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/08/26 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/26 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/26 22:45:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Jacqui documents
[2012/08/26 22:00:17 | 135,734,440 | ---- | C] (The Foundry ) -- C:\Users\Administrator\Desktop\Nuke6.3v8-win-x86-release-64.exe
[2012/08/26 21:58:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Adobe Photoshop CS6
[2012/08/26 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/26 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/08/26 16:44:52 | 002,625,536 | ---- | C] (The Foundry) -- C:\Users\Administrator\Desktop\FLU_7.0v1_win-x86-release-32.exe
[2012/08/26 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Akamai
[2012/08/26 16:41:24 | 010,965,664 | ---- | C] (Akamai Technologies, Inc.) -- C:\Users\Administrator\Desktop\installer.exe
[2012/08/21 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Shiner
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/31 23:49:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/31 23:39:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/08/31 23:34:25 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 23:34:25 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 23:34:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/31 18:27:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500UA.job
[2012/08/31 18:24:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/31 18:24:30 | 000,600,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/31 18:24:30 | 000,108,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/31 00:48:26 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/08/31 00:42:37 | 000,444,168 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/30 18:51:46 | 000,231,424 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/30 08:50:41 | 000,000,732 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2012/08/30 08:43:11 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/30 08:43:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/30 08:30:40 | 000,722,410 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/29 23:15:51 | 490,275,803 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/29 22:26:27 | 000,086,480 | ---- | M] () -- C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys
[2012/08/29 17:59:21 | 000,060,864 | ---- | M] () -- C:\Users\Administrator\g2mdlhlpx.exe
[2012/08/29 14:27:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500Core.job
[2012/08/29 03:29:27 | 000,002,563 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Camtasia Recorder.lnk
[2012/08/29 01:29:24 | 000,712,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/28 21:06:08 | 255,358,211 | ---- | M] () -- C:\Users\Administrator\Desktop\GRIMES - (live @ Pier 84 8_9_12)(720p_H.264-AAC).mp4
[2012/08/28 05:57:01 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/27 14:27:07 | 002,029,424 | ---- | M] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk.autosave
[2012/08/27 13:56:54 | 000,017,666 | ---- | M] () -- C:\Users\Administrator\Desktop\green-screen.jpg
[2012/08/27 13:39:52 | 005,245,090 | ---- | M] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm(1).nk
[2012/08/27 13:39:14 | 005,245,090 | ---- | M] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm.nk
[2012/08/27 13:30:29 | 002,029,277 | ---- | M] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk
[2012/08/27 01:39:55 | 333,550,554 | ---- | M] () -- C:\Users\Administrator\Desktop\grimes.mp4
[2012/08/27 00:03:29 | 004,928,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/26 23:53:23 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
[2012/08/26 23:30:16 | 000,001,646 | ---- | M] () -- C:\Users\Administrator\Desktop\NukeX 6.3v8.lnk
[2012/08/26 23:30:16 | 000,001,636 | ---- | M] () -- C:\Users\Administrator\Desktop\Nuke 6.3v8.lnk
[2012/08/26 21:57:16 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/08/26 17:59:38 | 1630,552,088 | ---- | M] () -- C:\Users\Administrator\Desktop\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_64bit.exe
[2012/08/26 16:46:04 | 002,625,536 | ---- | M] (The Foundry) -- C:\Users\Administrator\Desktop\FLU_7.0v1_win-x86-release-32.exe
[2012/08/26 16:43:34 | 010,965,664 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\Desktop\installer.exe
[2012/08/22 07:28:42 | 000,002,083 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 10:13:12 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 10:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 10:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 10:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/17 08:31:17 | 000,000,208 | ---- | M] () -- C:\Users\Administrator\Desktop\Orcs Must Die! 2.url
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 08:43:11 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/30 08:30:40 | 000,722,410 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/29 23:15:51 | 490,275,803 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/29 22:26:27 | 000,086,480 | ---- | C] () -- C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys
[2012/08/29 17:59:20 | 000,060,864 | ---- | C] () -- C:\Users\Administrator\g2mdlhlpx.exe
[2012/08/28 20:57:34 | 255,358,211 | ---- | C] () -- C:\Users\Administrator\Desktop\GRIMES - (live @ Pier 84 8_9_12)(720p_H.264-AAC).mp4
[2012/08/27 13:56:54 | 000,017,666 | ---- | C] () -- C:\Users\Administrator\Desktop\green-screen.jpg
[2012/08/27 13:39:52 | 005,245,090 | ---- | C] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm(1).nk
[2012/08/27 13:39:12 | 005,245,090 | ---- | C] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm.nk
[2012/08/27 13:31:33 | 002,029,424 | ---- | C] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk.autosave
[2012/08/27 13:30:28 | 002,029,277 | ---- | C] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk
[2012/08/27 01:30:20 | 333,550,554 | ---- | C] () -- C:\Users\Administrator\Desktop\grimes.mp4
[2012/08/26 23:53:23 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
[2012/08/26 23:30:16 | 000,001,646 | ---- | C] () -- C:\Users\Administrator\Desktop\NukeX 6.3v8.lnk
[2012/08/26 23:30:16 | 000,001,636 | ---- | C] () -- C:\Users\Administrator\Desktop\Nuke 6.3v8.lnk
[2012/08/26 23:25:48 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/08/26 23:25:05 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/08/26 23:24:16 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/08/26 23:23:51 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/08/26 23:21:55 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/08/26 23:21:50 | 000,001,350 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/08/26 21:57:16 | 000,000,954 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/08/26 21:57:16 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/08/26 16:45:17 | 1630,552,088 | ---- | C] () -- C:\Users\Administrator\Desktop\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_64bit.exe
[2012/08/20 13:42:26 | 000,608,711 | ---- | C] () -- C:\Users\Administrator\Desktop\P90X Calendar.pdf
[2012/08/17 08:31:17 | 000,000,208 | ---- | C] () -- C:\Users\Administrator\Desktop\Orcs Must Die! 2.url
[2012/08/14 23:27:11 | 002,769,408 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/13 05:26:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 19:47:31 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvserv.dll
[2011/10/25 19:47:31 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvusb1.dll
[2011/10/25 19:47:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvpmui.dll
[2011/10/25 19:47:31 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvlmpm.dll
[2011/10/25 19:47:31 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdvcomx.dll
[2011/10/25 19:47:31 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvinpa.dll
[2011/10/25 19:47:31 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDVinst.dll
[2011/10/25 19:47:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdviesc.dll
[2011/10/25 19:47:31 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvih.exe
[2011/10/25 19:47:31 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvprox.dll
[2011/10/25 19:47:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomc.dll
[2011/10/25 19:47:30 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvhbn3.dll
[2011/10/25 19:47:30 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcoms.exe
[2011/10/25 19:47:30 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcfg.exe
[2011/10/25 19:47:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomm.dll
[2011/10/25 19:37:36 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/06 03:57:03 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/06/24 04:58:38 | 000,000,336 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Drives Meter_Settings.ini
[2011/06/24 04:54:49 | 000,000,412 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\All CPU Meter_Settings.ini
[2011/04/11 17:23:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/03/08 18:59:11 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/08 18:59:10 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/08 18:59:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/06 00:53:53 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2009/07/16 20:00:03 | 001,131,016 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2009/03/21 05:03:24 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/01/21 18:46:49 | 000,231,424 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 18:25:26 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2011/03/13 05:27:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012/08/27 12:24:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2010/12/14 00:30:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BITS
[2012/08/26 21:57:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/09/17 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMCache
[2009/04/07 22:02:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dr. DivX 2.0 OSS
[2011/11/23 07:21:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2010/02/17 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2010/05/03 13:39:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Facebook
[2010/05/23 00:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FFSJ
[2010/08/23 11:43:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGet
[2010/08/23 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGetBHO
[2009/01/20 15:14:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\[email protected]
[2012/06/05 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GameFly
[2009/03/11 01:20:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GrabIt
[2012/03/11 19:22:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lexmark Productivity Studio
[2010/08/29 23:13:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2012/08/27 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2010/01/06 00:53:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2011/01/09 03:27:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Replay Media Catcher 4
[2010/12/04 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2012/05/03 00:17:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2012/08/29 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2009/01/20 16:24:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TMP
[2009/09/10 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom
[2009/03/12 15:07:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TSO
[2011/08/25 00:07:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2010/05/07 12:01:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\X5400 Series
[2012/08/30 08:43:11 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012/08/31 18:28:32 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras Log


OTL Extras logfile created on: 31/08/2012 23:56:42 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

9.99 Gb Total Physical Memory | 7.90 Gb Available Physical Memory | 79.05% Memory free
19.97 Gb Paging File | 18.07 Gb Available in Paging File | 90.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 282.02 Gb Free Space | 60.55% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS

Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FB 82 E0 A4 8A 4B CB 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
"CCleaner" = CCleaner
"Lexmark X5400 Series" = Lexmark X5400 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nuke 6.3v8_is1" = Nuke 6.3v8
"XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{011009B3-FEDD-18E7-D54A-A968BE5987F8}" = GameFly
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30E1022C-17EB-482A-8C82-16B79B98C4E4}" = Express Gate Updater
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB PC Camera-268
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Applian FLV Player2.0.25" = Applian FLV Player
"avast" = avast! Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"FormatFactory" = FormatFactory 2.70
"GameFly" = GameFly
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0 (x86 en-GB)" = Mozilla Firefox 15.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"Rockstar Games Social Club" = Rockstar Games Social Club
"Spotify" = Spotify
"Steam App 102600" = Orcs Must Die!
"Steam App 201790" = Orcs Must Die! 2
"Steam App 24240" = PAYDAY: The Heist
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 91310" = Dead Island
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"TomTom HOME" = TomTom HOME 2.7.2.1825
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/08/2012 08:26:10 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 08:37:21 | Computer Name = 166005-PC | Source = EventSystem | ID = 4609
Description =

Error - 31/08/2012 08:38:14 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 10:24:36 | Computer Name = 166005-PC | Source = EventSystem | ID = 4609
Description =

Error - 31/08/2012 10:25:28 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 13:14:33 | Computer Name = 166005-PC | Source = EventSystem | ID = 4609
Description =

Error - 31/08/2012 13:15:26 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 13:16:35 | Computer Name = 166005-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
on a computer running in safe mode. Your computer is currently running in safe
mode. To install Security Essentials, your computer must be running in normal mode.
Please restart your computer in normal mode, and then try to run the Security Essentials
Setup Wizard again. Error code:0x8004FF11.

Error - 31/08/2012 13:20:42 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 18:35:53 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 08/06/2011 11:11:43 | Computer Name = 166005-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:35:55 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:37:27 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2012 18:37:27 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Edited by lil_jim, 31 August 2012 - 07:32 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Your Firefox is running its traffic through a proxy in NY. Is that intentional?
If not: In Firefox, Firefox or (XP) Tools then Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\Installer|@;true;true;true
%systemdrive%\$Recycle.Bin|@;true;true;true
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron

#3
lil_jim

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi Ron, your assistance is much appreciated in this, especially on the weekend. Thank you. And no, the New York Firefox proxy was not intentional. I assume it was hijacked by the virus/malware. I followed your instructions for that.


The OTL logs follow:

OTL logfile created on: 01/09/2012 12:44:56 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

9.99 Gb Total Physical Memory | 8.17 Gb Available Physical Memory | 81.82% Memory free
19.97 Gb Paging File | 18.31 Gb Available in Paging File | 91.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 281.25 Gb Free Space | 60.39% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS

Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 23:49:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/12 13:40:53 | 000,932,528 | ---- | M] () -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
PRC - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/28 22:26:30 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 13:40:53 | 000,932,528 | ---- | M] () -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
MOD - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/26 23:53:23 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/06 21:11:51 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/07/15 18:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007/10/18 16:54:08 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdvcoms.exe -- (lxdv_device)
SRV:64bit: - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV:64bit: - [2007/03/16 02:24:18 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device)
SRV - [2012/08/28 22:26:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/06 19:25:54 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 16:05:04 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/17 09:40:50 | 000,217,088 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2007/10/18 16:53:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdvcoms.exe -- (lxdv_device)
SRV - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2007/03/16 02:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbccoms.exe -- (lxbc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 10:13:12 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/26 18:49:12 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/25 18:30:52 | 000,190,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/09/24 11:29:20 | 000,035,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2008/09/01 07:03:01 | 000,316,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2008/07/21 13:11:56 | 000,032,200 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/07/10 16:01:46 | 000,472,064 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/06/23 23:21:32 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/06 10:51:00 | 000,391,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/09/10 11:41:18 | 012,528,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2006/11/01 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2007/09/05 13:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ROTTEN TOMATOES"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "http://search.skipit.../?source=ab&q="
FF - prefs.js..network.proxy.http: "216.165.109.81"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/30 08:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/08/25 11:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions
[2011/04/09 15:49:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(26)
[2011/01/03 04:15:19 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/07/18 00:53:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(31)
[2011/11/13 00:43:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(35)
[2010/02/23 13:37:04 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2010/03/11 00:11:42 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2009/12/09 17:36:52 | 000,000,000 | ---D | M] (Pterodactl) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2011/07/16 21:17:47 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected](30)
[2011/02/17 08:13:03 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/03/22 03:05:48 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/07/25 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions
[2011/05/03 06:25:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/17 08:15:12 | 000,002,003 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\boltcd.xml
[2009/02/03 04:19:51 | 000,002,213 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\google-image-search.xml
[2011/06/21 22:37:56 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\hd-bb--index-page.xml
[2009/01/23 12:26:56 | 000,002,838 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\imdb-385.xml
[2009/12/10 21:34:43 | 000,001,504 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\mr-skin---search-results-for.xml
[2011/06/17 18:16:05 | 000,001,274 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\reddit.xml
[2009/01/27 19:09:26 | 000,002,137 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\rotten-tomatoes.xml
[2012/03/06 03:48:22 | 000,002,762 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-byskipity-uk.xml
[2012/02/05 22:23:31 | 000,002,291 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-uk.xml
[2012/03/08 22:50:16 | 000,002,710 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\skipity-search.xml
[2009/04/17 20:33:20 | 000,000,909 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\ultimate-guitar.xml
[2012/01/08 23:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 01:44:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}(0)
[2012/08/30 08:43:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/11 00:44:40 | 000,340,132 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/08/25 11:07:28 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/06/21 18:09:50 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/07/09 23:48:27 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/08/28 22:26:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/18 21:54:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/28 22:26:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 21:54:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/18 21:54:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/28 22:26:29 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/18 21:54:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: avast! WebRep = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2012/08/31 00:42:37 | 000,444,168 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15258 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9441A29-21BA-4127-8E6F-996D74C7079E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/26 23:33:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{0881c5fd-dfef-11de-9e3b-00248c02c0b7}\Shell\AutoRun\command - "" = N:\InstallTomTomHOME.exe
O33 - MountPoints2\{0e1e60c3-2029-11de-a573-00248c02c0b7}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\AutoRun\command - "" = J:\2j.cmd
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\explore\Command - "" = J:\2j.cmd
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\open\Command - "" = J:\2j.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: FixCamera - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Lexmark X5400 Series - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: lxdvamon - hkey= - key= - C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe ()
MsConfig:64bit - StartUpReg: lxdvmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe ()
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: snp2std - hkey= - key= - C:\Windows\vsnp2std.exe (Sonix)
MsConfig:64bit - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: tsnp2std - hkey= - key= - C:\Windows\tsnp2std.exe ()
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {39144A18-31F9-C332-7A97-0BC28FFAB5D8} - Offline Browsing Pack
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3BFE1E82-0021-C2AB-4DE3-646CB754171C} - Browser Customizations
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5D5CF70B-F465-5619-443B-76DA0CA99232} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6BF93B1F-6DAD-3795-8D37-9A90F1B5AD4C} - Themes Setup
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A0766FB3-216B-D70D-A140-A545DCCBFF6A} -
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/09/01 12:44:01 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FSS.exe
[2012/08/31 23:49:36 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/31 23:39:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/08/31 18:24:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/30 11:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/30 08:43:14 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/30 08:43:14 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/30 08:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/30 08:43:12 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/30 08:43:12 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/30 08:43:12 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/30 08:43:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/30 08:43:11 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/30 08:42:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/30 08:42:57 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/30 08:26:59 | 000,000,000 | ---D | C] -- C:\c2a434b5512df75af25a19
[2012/08/29 23:39:39 | 072,630,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Administrator\Desktop\msert.exe
[2012/08/29 17:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/29 17:58:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/29 17:58:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/29 17:58:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/29 17:58:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/29 17:58:25 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/29 17:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/27 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2012/08/27 12:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\maya
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Autodesk
[2012/08/26 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Inventor Server x64 Direct Connect
[2012/08/26 23:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/08/26 23:33:35 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012/08/26 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.nuke
[2012/08/26 23:30:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\cache
[2012/08/26 23:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nuke6.3v8
[2012/08/26 23:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/08/26 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/26 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/26 22:45:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Jacqui documents
[2012/08/26 22:00:17 | 135,734,440 | ---- | C] (The Foundry ) -- C:\Users\Administrator\Desktop\Nuke6.3v8-win-x86-release-64.exe
[2012/08/26 21:58:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Adobe Photoshop CS6
[2012/08/26 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/26 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/08/26 16:44:52 | 002,625,536 | ---- | C] (The Foundry) -- C:\Users\Administrator\Desktop\FLU_7.0v1_win-x86-release-32.exe
[2012/08/26 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Akamai
[2012/08/26 16:41:24 | 010,965,664 | ---- | C] (Akamai Technologies, Inc.) -- C:\Users\Administrator\Desktop\installer.exe
[2012/08/21 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Shiner
[2012/08/14 23:29:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/14 23:29:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/14 23:29:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/14 23:29:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/14 23:29:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/14 23:29:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/14 23:29:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/14 23:29:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/14 23:29:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/14 23:29:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/14 23:29:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/14 23:29:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/14 23:29:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/14 23:22:40 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 23:22:39 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/14 23:22:34 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/01 12:44:04 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FSS.exe
[2012/09/01 12:38:23 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 12:38:22 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 12:38:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/01 01:27:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500UA.job
[2012/09/01 01:24:12 | 000,004,451 | ---- | M] () -- C:\Users\Administrator\Desktop\Attach.zip
[2012/08/31 23:49:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/31 23:39:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/08/31 18:24:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/31 18:24:30 | 000,600,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/31 18:24:30 | 000,108,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/31 00:48:26 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/08/31 00:42:37 | 000,444,168 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/30 18:51:46 | 000,231,424 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/30 08:50:41 | 000,000,732 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2012/08/30 08:43:11 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/30 08:43:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/30 08:30:40 | 000,722,410 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/29 23:42:02 | 072,630,320 | ---- | M] (Microsoft Corporation) -- C:\Users\Administrator\Desktop\msert.exe
[2012/08/29 23:15:51 | 490,275,803 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/29 22:26:27 | 000,086,480 | ---- | M] () -- C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys
[2012/08/29 17:59:21 | 000,060,864 | ---- | M] () -- C:\Users\Administrator\g2mdlhlpx.exe
[2012/08/29 17:58:02 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/29 17:57:54 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/29 17:57:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/29 17:57:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/29 17:57:53 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/29 17:57:53 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/29 14:27:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500Core.job
[2012/08/29 03:29:27 | 000,002,563 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Camtasia Recorder.lnk
[2012/08/29 01:29:24 | 000,712,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/28 21:06:08 | 255,358,211 | ---- | M] () -- C:\Users\Administrator\Desktop\GRIMES - (live @ Pier 84 8_9_12)(720p_H.264-AAC).mp4
[2012/08/28 05:57:01 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/27 14:27:07 | 002,029,424 | ---- | M] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk.autosave
[2012/08/27 13:56:54 | 000,017,666 | ---- | M] () -- C:\Users\Administrator\Desktop\green-screen.jpg
[2012/08/27 13:39:52 | 005,245,090 | ---- | M] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm(1).nk
[2012/08/27 13:39:14 | 005,245,090 | ---- | M] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm.nk
[2012/08/27 13:30:29 | 002,029,277 | ---- | M] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk
[2012/08/27 01:39:55 | 333,550,554 | ---- | M] () -- C:\Users\Administrator\Desktop\grimes.mp4
[2012/08/27 00:03:29 | 004,928,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/26 23:53:23 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
[2012/08/26 23:30:16 | 000,001,646 | ---- | M] () -- C:\Users\Administrator\Desktop\NukeX 6.3v8.lnk
[2012/08/26 23:30:16 | 000,001,636 | ---- | M] () -- C:\Users\Administrator\Desktop\Nuke 6.3v8.lnk
[2012/08/26 21:57:16 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/08/26 17:59:38 | 1630,552,088 | ---- | M] () -- C:\Users\Administrator\Desktop\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_64bit.exe
[2012/08/26 16:46:04 | 002,625,536 | ---- | M] (The Foundry) -- C:\Users\Administrator\Desktop\FLU_7.0v1_win-x86-release-32.exe
[2012/08/26 16:43:34 | 010,965,664 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\Desktop\installer.exe
[2012/08/22 07:28:42 | 000,002,083 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 10:13:12 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 10:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 10:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 10:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/17 08:31:17 | 000,000,208 | ---- | M] () -- C:\Users\Administrator\Desktop\Orcs Must Die! 2.url
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/01 01:24:12 | 000,004,451 | ---- | C] () -- C:\Users\Administrator\Desktop\Attach.zip
[2012/08/30 08:43:11 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/30 08:30:40 | 000,722,410 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/29 23:15:51 | 490,275,803 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/29 22:26:27 | 000,086,480 | ---- | C] () -- C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys
[2012/08/29 17:59:20 | 000,060,864 | ---- | C] () -- C:\Users\Administrator\g2mdlhlpx.exe
[2012/08/28 20:57:34 | 255,358,211 | ---- | C] () -- C:\Users\Administrator\Desktop\GRIMES - (live @ Pier 84 8_9_12)(720p_H.264-AAC).mp4
[2012/08/27 13:56:54 | 000,017,666 | ---- | C] () -- C:\Users\Administrator\Desktop\green-screen.jpg
[2012/08/27 13:39:52 | 005,245,090 | ---- | C] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm(1).nk
[2012/08/27 13:39:12 | 005,245,090 | ---- | C] () -- C:\Users\Administrator\Desktop\rigRemoval_v27_sl_arm.nk
[2012/08/27 13:31:33 | 002,029,424 | ---- | C] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk.autosave
[2012/08/27 13:30:28 | 002,029,277 | ---- | C] () -- C:\Users\Administrator\Desktop\keying_v60_colour.nk
[2012/08/27 01:30:20 | 333,550,554 | ---- | C] () -- C:\Users\Administrator\Desktop\grimes.mp4
[2012/08/26 23:53:23 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk
[2012/08/26 23:30:16 | 000,001,646 | ---- | C] () -- C:\Users\Administrator\Desktop\NukeX 6.3v8.lnk
[2012/08/26 23:30:16 | 000,001,636 | ---- | C] () -- C:\Users\Administrator\Desktop\Nuke 6.3v8.lnk
[2012/08/26 23:25:48 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/08/26 23:25:05 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/08/26 23:24:16 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/08/26 23:23:51 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/08/26 23:21:55 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/08/26 23:21:50 | 000,001,350 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/08/26 21:57:16 | 000,000,954 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/08/26 21:57:16 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012/08/26 16:45:17 | 1630,552,088 | ---- | C] () -- C:\Users\Administrator\Desktop\Autodesk_Maya_2013_English_Japanese_SimplifiedChinese_Win_64bit.exe
[2012/08/20 13:42:26 | 000,608,711 | ---- | C] () -- C:\Users\Administrator\Desktop\P90X Calendar.pdf
[2012/08/17 08:31:17 | 000,000,208 | ---- | C] () -- C:\Users\Administrator\Desktop\Orcs Must Die! 2.url
[2012/08/14 23:27:11 | 002,769,408 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/13 05:26:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 19:47:31 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvserv.dll
[2011/10/25 19:47:31 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvusb1.dll
[2011/10/25 19:47:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvpmui.dll
[2011/10/25 19:47:31 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvlmpm.dll
[2011/10/25 19:47:31 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdvcomx.dll
[2011/10/25 19:47:31 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvinpa.dll
[2011/10/25 19:47:31 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDVinst.dll
[2011/10/25 19:47:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdviesc.dll
[2011/10/25 19:47:31 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvih.exe
[2011/10/25 19:47:31 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvprox.dll
[2011/10/25 19:47:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomc.dll
[2011/10/25 19:47:30 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvhbn3.dll
[2011/10/25 19:47:30 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcoms.exe
[2011/10/25 19:47:30 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcfg.exe
[2011/10/25 19:47:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomm.dll
[2011/10/25 19:37:36 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/06 03:57:03 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/06/24 04:58:38 | 000,000,336 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Drives Meter_Settings.ini
[2011/06/24 04:54:49 | 000,000,412 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\All CPU Meter_Settings.ini
[2011/04/11 17:23:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/03/08 18:59:11 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/08 18:59:10 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/08 18:59:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/06 00:53:53 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2009/07/16 20:00:03 | 001,131,016 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2009/03/21 05:03:24 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/01/21 18:46:49 | 000,231,424 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 18:25:26 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103SJ ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103UJ ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDP725050GLA360 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Lexmark USB Mass Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE6 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE7 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE8 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 1048576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/03/13 05:27:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012/08/27 14:30:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/12/04 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2009/01/19 18:40:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI
[2012/08/27 12:24:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2010/12/14 00:30:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BITS
[2012/08/26 21:57:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/04/07 22:04:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX
[2009/09/17 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMCache
[2009/04/07 22:02:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dr. DivX 2.0 OSS
[2011/11/23 07:21:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2010/12/28 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2010/02/17 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2010/05/03 13:39:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Facebook
[2010/05/23 00:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FFSJ
[2010/08/23 11:43:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGet
[2010/08/23 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashGetBHO
[2009/01/20 15:14:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\[email protected]
[2012/06/05 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GameFly
[2009/03/11 01:20:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GrabIt
[2009/01/19 18:25:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2009/01/20 16:17:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2012/03/11 19:22:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lexmark Productivity Studio
[2009/01/21 17:33:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009/02/16 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2006/11/02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/05/26 19:47:28 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2009/01/26 19:21:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Games
[2011/03/17 09:51:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC
[2010/08/29 01:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/08/22 00:48:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nero
[2010/08/29 23:13:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2012/08/27 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2010/01/06 00:53:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2011/10/29 19:31:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real
[2011/01/09 03:27:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Replay Media Catcher 4
[2010/12/04 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2009/01/22 02:29:30 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2012/08/28 06:02:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2010/03/18 23:10:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony Corporation
[2012/05/03 00:17:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2012/08/29 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2011/09/06 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/22 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2
[2009/01/20 16:24:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TMP
[2009/09/10 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom
[2009/03/12 15:07:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TSO
[2011/08/25 00:07:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2011/03/29 18:52:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2012/08/30 02:32:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2009/01/21 23:58:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2010/05/07 12:01:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\X5400 Series

< MD5 for: ATAPI.SYS >
[2008/01/21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/11 08:15:00 | 000,020,952 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/21 03:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/21 03:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/21 03:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 03:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 08:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 08:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 03:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/21 03:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/21 03:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/21 03:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 03:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/21 03:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/21 03:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/21 03:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/21 03:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/21 03:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/21 03:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/21 03:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/21 03:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/21 03:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USER32.DLL >
[2008/01/21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009/04/11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009/04/11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/01/21 03:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/21 03:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/21 03:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SysWOW64\winrnr.dll
[2009/04/11 07:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 10:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 10:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 12:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 12:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/28 22:26:28 | 000,851,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/28 22:26:28 | 000,851,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/28 22:26:28 | 000,851,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\Installer|@;true;true;true >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< End of report >




OTL Extras logfile created on: 01/09/2012 12:44:56 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

9.99 Gb Total Physical Memory | 8.17 Gb Available Physical Memory | 81.82% Memory free
19.97 Gb Paging File | 18.31 Gb Available in Paging File | 91.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 281.25 Gb Free Space | 60.39% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS

Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FB 82 E0 A4 8A 4B CB 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
"CCleaner" = CCleaner
"Lexmark X5400 Series" = Lexmark X5400 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nuke 6.3v8_is1" = Nuke 6.3v8
"XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{011009B3-FEDD-18E7-D54A-A968BE5987F8}" = GameFly
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30E1022C-17EB-482A-8C82-16B79B98C4E4}" = Express Gate Updater
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB PC Camera-268
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Applian FLV Player2.0.25" = Applian FLV Player
"avast" = avast! Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"FormatFactory" = FormatFactory 2.70
"GameFly" = GameFly
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0 (x86 en-GB)" = Mozilla Firefox 15.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"Rockstar Games Social Club" = Rockstar Games Social Club
"Spotify" = Spotify
"Steam App 102600" = Orcs Must Die!
"Steam App 201790" = Orcs Must Die! 2
"Steam App 24240" = PAYDAY: The Heist
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 91310" = Dead Island
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"TomTom HOME" = TomTom HOME 2.7.2.1825
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/08/2012 10:25:28 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 13:14:33 | Computer Name = 166005-PC | Source = EventSystem | ID = 4609
Description =

Error - 31/08/2012 13:15:26 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 13:16:35 | Computer Name = 166005-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF11 Description:Can’t install Microsoft Security Essentials
on a computer running in safe mode. Your computer is currently running in safe
mode. To install Security Essentials, your computer must be running in normal mode.
Please restart your computer in normal mode, and then try to run the Security Essentials
Setup Wizard again. Error code:0x8004FF11.

Error - 31/08/2012 13:20:42 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 18:35:53 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 19:25:11 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/08/2012 20:15:38 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/09/2012 07:40:51 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/09/2012 07:46:28 | Computer Name = 166005-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 08/06/2011 11:11:43 | Computer Name = 166005-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 01/09/2012 07:40:52 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2012 07:40:52 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2012 07:40:52 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2012 07:40:52 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2012 07:40:52 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2012 07:40:52 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2012 07:41:13 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2012 07:41:13 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 01/09/2012 07:41:43 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 01/09/2012 07:41:43 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >




Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 01-09-2012 at 13:02:05
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys
[2008-01-21 03:49] - [2008-01-21 03:49] - 0024064 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\nsiproxy.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 18:25] - [2012-01-03 15:25] - 0404992 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys
[2009-09-11 08:24] - [2009-04-11 06:43] - 0094720 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 20:59] - [2012-03-30 13:45] - 1423744 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 19:53] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys
[2008-01-21 03:49] - [2008-01-21 03:49] - 0081408 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\mpsdrv.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-11 08:25] - [2009-04-11 08:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 16:08] - [2012-04-23 17:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
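
A way to read an FSS log like the one above with a script rather than by eye. This is an added example for this thread, not part of FSS or of the post: it pulls out the deleted service keys, the security service forced to Disabled, and the drivers whose hash came back as D41D8CD98F00B204E9800998ECF8427E. That value is the MD5 of zero bytes, so FSS got no content back when it read those files; since it also prints non-zero sizes for them, the read itself was blocked or intercepted, which points at a rootkit rather than at five genuinely empty drivers (that reading, and the category names, are the example's own). The log lines are excerpted from the post above.

```python
"""Triage of a Farbar Service Scanner (FSS) log.

Added example for this thread; it is not part of FSS or of the original post.
The sample below is excerpted from the log above. The interpretation rules
are this example's own assumptions:

* "The service key does not exist" / "The value does not exist": the service
  has been deleted from the registry.
* "set to Disabled" on a security service: the service was switched off.
* D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero bytes. A driver that
  reports this hash was read back as empty, so the scanner saw no content;
  the non-zero sizes FSS prints for those drivers mean the read itself was
  intercepted or blocked, which is a rootkit tell, not proof of infection.
"""
import hashlib
import re

EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # D41D8CD98F00B204E9800998ECF8427E

# Excerpt of the FSS log posted above (trimmed to the relevant lines).
FSS_EXCERPT = r"""
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys
[2008-01-21 03:49] - [2008-01-21 03:49] - 0024064 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2012-02-15 18:25] - [2012-01-03 15:25] - 0404992 ____A () D41D8CD98F00B204E9800998ECF8427E
"""

MISSING_RE = re.compile(r"Unable to (?:open (\w+) registry key|retrieve start type of (\w+))")
DISABLED_RE = re.compile(r"The start type of (\w+) service is set to Disabled")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
MD5_RE = re.compile(r"\b([0-9A-Fa-f]{32})$")


def triage_fss(text):
    """Return the services and files in an FSS log that need attention."""
    out = {
        "missing_services": [],    # service registry key deleted
        "disabled_services": [],   # start type forced to Disabled
        "verified_files": [],      # FSS matched a known-good hash
        "unverified_files": [],    # FSS printed a hash it did not recognise: check manually
        "unreadable_files": [],    # hash of zero bytes: the file could not be read
    }
    pending_path = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := MISSING_RE.search(line):
            name = m.group(1) or m.group(2)
            if name not in out["missing_services"]:
                out["missing_services"].append(name)
        elif m := DISABLED_RE.search(line):
            out["disabled_services"].append(m.group(1))
        elif line.endswith("=> MD5 is legit"):
            out["verified_files"].append(line.split(" => ")[0])
        elif PATH_RE.match(line):
            pending_path = line            # the hash follows on the next line
        elif (m := MD5_RE.search(line)) and pending_path:
            digest = m.group(1).upper()
            if digest == EMPTY_MD5:
                out["unreadable_files"].append(pending_path)
            else:
                out["unverified_files"].append((pending_path, digest))
            pending_path = None
    return out


if __name__ == "__main__":
    for key, items in triage_fss(FSS_EXCERPT).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Run it as-is to see the breakdown. A practitioner would confirm the unreadable drivers by hashing them from an offline boot (a rescue CD), where a rootkit's hooks are not loaded, before replacing them.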

#4 RKinner (Malware Expert, Expert, 19,800 posts, MVP)
Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "http://search.skipity.com/?source=ab&q="
FF - prefs.js..network.proxy.http: "216.165.109.81"
FF - prefs.js..network.proxy.http_port: 3127
[2011/04/09 15:49:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(26)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe ()
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\AutoRun\command - "" = J:\2j.cmd
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\explore\Command - "" = J:\2j.cmd
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\open\Command - "" = J:\2j.cmd
[2012/08/29 22:26:27 | 000,086,480 | ---- | M] () -- C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys

:files
C:\Windows\Installer\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}
C:\Users\Administrator\\AppData\Local\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09012012-some number.log if you don't get it the first time.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click Save log; save it to your desktop and post it in your next reply.
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Run the farbar service scanner as before. (right click and Run as Admin)


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
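
The fix script above names several classic indicators: a Firefox proxy pointed at a public IP on a non-standard port, an address-bar search hijack, MountPoints2 autorun commands for a removable drive, a randomly named driver and a Run entry whose file is gone. Here is an added example, not part of OTL or of the post, that pulls those out of raw OTL lines so they can be checked consistently. The OTL lines are quoted from the fix above; the allowlist of search hosts and the rule thresholds (12 or more hex characters for a driver name, a public-range or hostname proxy) are the example's assumptions.

```python
"""Triage of OTL scan lines for hijack and persistence indicators.

Added example for this thread; not part of OTL or of the original post.
The sample lines are taken from the OTL fix script above. Which patterns
count as suspicious is this example's own assumption:

* Firefox network.proxy.http pointing at a public address or a hostname:
  the browser's traffic is being routed through someone else's proxy.
* keyword.URL pointing at a host outside a small analyst-maintained
  allowlist: address-bar search hijack.
* MountPoints2 AutoRun/open/explore commands for a drive GUID: autorun
  persistence left by a removable-drive infection.
* A driver whose file name is a long hex string: randomly named kernel
  component.
* A Run entry whose target is "File not found": stale or half-cleaned
  persistence that should still be removed.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Allowlist is an assumption for the example; adjust for the user's locale.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# Lines quoted from the OTL fix script posted above.
OTL_EXCERPT = r"""
FF - prefs.js..keyword.URL: "http://search.skipity.com/?source=ab&q="
FF - prefs.js..network.proxy.http: "216.165.109.81"
FF - prefs.js..network.proxy.http_port: 3127
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe ()
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\AutoRun\command - "" = J:\2j.cmd
O33 - MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\Shell\open\Command - "" = J:\2j.cmd
[2012/08/29 22:26:27 | 000,086,480 | ---- | M] () -- C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys
[2011/04/09 15:49:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(26)
"""

KEYWORD_RE = re.compile(r'keyword\.URL: "([^"]+)"')
PROXY_RE = re.compile(r'network\.proxy\.http: "([^"]+)"')
PORT_RE = re.compile(r"network\.proxy\.http_port: (\d+)")
RUN_RE = re.compile(r"^O4 - (\S+?)\.\.\\Run: \[([^\]]+)\] (.*)$")
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(\w+)\\[Cc]ommand - "" = (.*)$')
DRIVER_RE = re.compile(r"-- ([A-Za-z]:\\.*\\drivers\\[0-9A-Fa-f]{12,}\.sys)$")


def proxy_finding(host, port):
    """Classify a Firefox HTTP proxy; assumption: private-range proxies are benign."""
    try:
        scope = "public" if ipaddress.ip_address(host).is_global else "private"
    except ValueError:
        scope = "hostname"
    rule = "proxy_configured" if scope == "private" else "proxy_hijack"
    return {"rule": rule, "detail": f"{host}:{port} ({scope})"}


def triage_otl(text):
    """Return a list of {'rule', 'detail'} findings for the OTL lines given."""
    findings = []
    proxy = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := KEYWORD_RE.search(line):
            host = urlparse(m.group(1)).hostname or ""
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append({"rule": "search_hijack", "detail": host})
        elif m := PROXY_RE.search(line):
            proxy["host"] = m.group(1)
        elif m := PORT_RE.search(line):
            proxy["port"] = int(m.group(1))
        elif m := RUN_RE.match(line):
            hive, name, target = m.groups()
            if target == "File not found":
                findings.append({"rule": "stale_run_entry", "detail": f"{hive}\\Run\\{name}"})
        elif m := MOUNT_RE.match(line):
            _guid, verb, target = m.groups()
            findings.append({"rule": "autorun_command", "detail": f"{verb} -> {target}"})
        elif m := DRIVER_RE.search(line):
            findings.append({"rule": "random_named_driver", "detail": m.group(1)})
    if "host" in proxy:  # report the proxy once, after both host and port prefs were seen
        findings.append(proxy_finding(proxy["host"], proxy.get("port")))
    return findings


if __name__ == "__main__":
    for f in triage_otl(OTL_EXCERPT):
        print(f"{f['rule']:22} {f['detail']}")
```

The autorun lines are reported once per verb so it stays visible that every handler (AutoRun, open, explore) was pointed at the same file; the proxy is reported once at the end, after both the host and the port prefs have been seen. The FlashGot extension folder and the Spotify Run entry produce no finding, which is the point of having rules rather than flagging every line.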

#5 lil_jim (Topic Starter, Member, 17 posts)
I ran OTL and aswMBR, however upon running combofix, I got the warning

"Combofix has detected the following real time scanner(s) to be active:
antivirus: ESET Smart Security 4.0
antispyware : ESET Smart Security 4.0

Antivirus and intrusion prevention programs are known to interfere with Combofix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanner before clicking 'OK'"



I checked my task manager -> Processes for evidence of ESET running but there is no entry for it, and it is also strange to get this warning as I actually uninstalled ESET a few days ago and installed AVAST (which is disabled by the trojan anyway, before I attempted to run combofix).


Waiting for your advice on the best way to proceed with this. Is it still ok to run the combofix? or are there still lingering traces of ESET running on my pc that I have to disable?

EDIT: I tried to 'X' out of Combofix after the warning message, but it warned me it was going to still attempt to run, warning me that my computer may be damaged if I proceeded with ESET Smart Security 4.0 on, so I just turned off my computer. Not sure if that was the best option.


Here are the following logs from OTL and aswMBR anyway:

========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: [email protected]:1.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.4 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 removed from extensions.enabledItems
Prefs.js: "http://search.skipit.../?source=ab&q=" removed from keyword.URL
Prefs.js: "216.165.109.81" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(26)\META-INF folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(26)\chrome folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(26) folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper deleted successfully.
C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
C:\Windows\Downloaded Program Files\PhotoUploader5.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\ not found.
File J:\2j.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\ not found.
File J:\2j.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b93dead4-f07b-11dd-ab11-00248c02c0b7}\ not found.
File J:\2j.cmd not found.
File C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys not found.
========== FILES ==========
C:\Windows\Installer\{90566282-8F22-CC85-6006-A1DD3FD9EAD6} folder moved successfully.
File\Folder C:\Users\Administrator\\AppData\Local\{90566282-8F22-CC85-6006-A1DD3FD9EAD6} not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: 166005

User: Administrator
->Flash cache emptied: 2940693 bytes

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


[EMPTYJAVA]

User: 166005

User: Administrator
->Java cache emptied: 34414284 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 33.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09012012_225139



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 22:57:58
-----------------------------
22:57:58.802 OS Version: Windows x64 6.0.6002 Service Pack 2
22:57:58.803 Number of processors: 8 586 0x1A04
22:57:58.803 ComputerName: 166005-PC UserName:
22:58:00.424 Initialze error C0000001 - driver not loaded
22:58:01.959 AVAST engine defs: 12083001
22:58:15.461 Service scanning
22:58:21.097 Service ab4ace225aba4d0 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys **HIDDEN**
22:58:47.299 Modules scanning
22:58:48.483 AVAST engine scan C:\Windows
22:58:52.882 AVAST engine scan C:\Windows\system32
23:01:12.460 AVAST engine scan C:\Windows\system32\drivers
23:01:22.242 AVAST engine scan C:\Users\Administrator
23:21:30.485 AVAST engine scan C:\ProgramData
23:25:10.177 Scan finished successfully
23:26:02.196 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Edited by lil_jim, 01 September 2012 - 04:50 PM.

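
The two logs above disagree about the same file: OTL says C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys is not found, while aswMBR lists the service ab4ace225aba4d0 and its driver as HIDDEN. That disagreement is itself the finding. OTL is a 32-bit program, so SysNative is its name for the real System32 directory; the file is there for aswMBR's service enumeration but invisible to the ordinary file APIs OTL uses, which is how a rootkit protects its driver. aswMBR also logged that its own driver failed to load (0xC0000001, STATUS_UNSUCCESSFUL), the same symptom the antivirus drivers show. The script below is an added example, not part of either tool or of the thread, that performs this cross-view comparison on lines quoted from the two logs; the path normalisation and the verdict labels are its own.

```python
r"""Cross-view check of a driver between OTL and aswMBR.

Added example for this thread; not part of OTL, aswMBR or the original post.
The sample lines are quoted from the two logs above. The normalisation and
verdict rules are this example's own assumptions:

* OTL is a 32-bit program, so on 64-bit Windows it names the real System32
  directory C:\Windows\SysNative; aswMBR names it C:\Windows\System32.
  Paths are compared after mapping SysNative to System32 and folding case.
* A service aswMBR marks **HIDDEN** whose file OTL reported "not found" is
  a cross-view discrepancy: the file exists for a low-level enumeration
  but is hidden from ordinary Win32 file APIs, which is how a rootkit
  protects its own driver.
* aswMBR's "Initialze error C0000001 - driver not loaded" (0xC0000001 is
  STATUS_UNSUCCESSFUL; the misspelling is the tool's own) means the scanner
  ran without its kernel driver, the same symptom the user reports for the
  antivirus drivers.
"""
import re

# Lines quoted from the OTL fix log posted above.
OTL_FIX_LOG = r"""
File J:\2j.cmd not found.
File C:\Windows\SysNative\drivers\ab4ace225aba4d0.sys not found.
C:\Windows\Installer\{90566282-8F22-CC85-6006-A1DD3FD9EAD6} folder moved successfully.
"""

# Lines quoted from the aswMBR log posted above.
ASWMBR_LOG = r"""
22:58:00.424 Initialze error C0000001 - driver not loaded
22:58:15.461 Service scanning
22:58:21.097 Service ab4ace225aba4d0 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys **HIDDEN**
22:58:47.299 Modules scanning
"""

NOT_FOUND_RE = re.compile(r"^File (.+?) not found\.$")
HIDDEN_RE = re.compile(r"^\S+ Service (\S+) (\S+) \*\*HIDDEN\*\*$")
INIT_ERR_RE = re.compile(r"Initialze error ([0-9A-Fa-f]{8}) - driver not loaded")


def normalize(path):
    """Case-fold a Windows path and map the WOW64 SysNative alias onto System32."""
    return path.lower().replace("\\sysnative\\", "\\system32\\")


def otl_not_found(text):
    """Paths OTL tried to remove but could not see."""
    return {normalize(m.group(1)) for line in text.splitlines()
            if (m := NOT_FOUND_RE.match(line.strip()))}


def aswmbr_hidden(text):
    """Map normalised driver path -> service name for every **HIDDEN** service."""
    hidden = {}
    for line in text.splitlines():
        if m := HIDDEN_RE.match(line.strip()):
            hidden[normalize(m.group(2))] = m.group(1)
    return hidden


def aswmbr_init_error(text):
    """NTSTATUS code if aswMBR reported that its own driver failed to load, else None."""
    m = INIT_ERR_RE.search(text)
    return m.group(1).upper() if m else None


def cross_view(otl_text, aswmbr_text):
    """Compare the two tools' views and give each hidden service a verdict."""
    missing = otl_not_found(otl_text)
    verdicts = []
    for path, service in aswmbr_hidden(aswmbr_text).items():
        verdict = "cross_view_discrepancy" if path in missing else "hidden_service_only"
        verdicts.append({"service": service, "path": path, "verdict": verdict})
    return verdicts


if __name__ == "__main__":
    code = aswmbr_init_error(ASWMBR_LOG)
    if code:
        print(f"aswMBR ran without its kernel driver (NTSTATUS 0x{code})")
    for v in cross_view(OTL_FIX_LOG, ASWMBR_LOG):
        print(f"{v['service']}: {v['path']} -> {v['verdict']}")
```

When the two views disagree, the userland view is the one to distrust: the file has to be removed from a context the rootkit does not control, either an offline boot or a tool whose own driver actually loaded, and an aswMBR run that starts with "driver not loaded" does not meet that bar.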

#6 RKinner (Malware Expert, Expert, 19,800 posts, MVP)
Run Combofix again and ignore the warning. Sometimes Windows gets confused and still reports it as present, and that is what Combofix goes on.

#7 lil_jim (Topic Starter, Member, 17 posts)
Just a few points that came up during all the scans and logs.

1. I ran Combofix using the 'Run as Administrator' option, however when Combofix was running I did get a Warning window saying:

"Combofix is attempting to run. Access denied. Administrator privileges are needed to use the selected options. Use an administrator command to prompt to complete these tasks. Attempting to create a new system restore point".

The scan still seemed to run ok, but there were a few Stages where it mentioned access had been denied.

2. When running TDSSkiller, I got an Error window 'Can't load driver', but just clicked OK, and it proceeded to run.

3. Every time Windows loads now, it boots in Test mode 'Build 6002: Service Pack 2' with a blue screen, and Test mode is shown in the 4 corners of my screen. Is this normal?


Here are the following logs:

ComboFix 12-08-31.08 - Administrator 02/09/2012 2:41.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.10230.8502 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL458.tmp
c:\users\Administrator\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
c:\users\Administrator\g2mdlhlpx.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 01:51 . 2012-09-02 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 01:51 . 2012-09-02 01:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-01 21:51 . 2012-09-01 21:51 -------- d-----w- C:\_OTL
2012-08-30 10:37 . 2012-08-30 23:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-30 10:37 . 2012-08-30 10:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-30 07:43 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-30 07:43 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-30 07:43 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-30 07:43 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-30 07:43 . 2012-08-21 09:13 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-30 07:43 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-30 07:43 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-30 07:42 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-30 07:42 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-30 07:42 . 2012-08-30 07:42 -------- d-----w- c:\programdata\AVAST Software
2012-08-30 07:42 . 2012-08-30 07:42 -------- d-----w- c:\program files\AVAST Software
2012-08-30 07:26 . 2012-08-30 07:28 -------- d-----w- C:\c2a434b5512df75af25a19
2012-08-29 16:59 . 2012-08-29 16:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-29 16:58 . 2012-08-29 16:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-29 16:58 . 2012-08-29 16:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-29 16:56 . 2012-08-31 17:26 -------- d-----w- c:\program files (x86)\Citrix
2012-08-28 21:26 . 2012-08-28 21:26 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 13:29 . 2012-08-27 13:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\PDAppFlex
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\programdata\FLEXnet
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\users\Administrator\AppData\Local\Autodesk
2012-08-26 22:55 . 2012-08-26 22:55 -------- d-----w- c:\program files (x86)\Autodesk
2012-08-26 22:53 . 2012-08-26 22:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-26 22:49 . 2012-08-26 22:56 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-08-26 22:49 . 2012-08-26 22:54 -------- d-----w- c:\program files\Autodesk
2012-08-26 22:37 . 2012-08-27 11:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Autodesk
2012-08-26 22:37 . 2012-08-27 11:24 -------- d-----w- c:\programdata\Autodesk
2012-08-26 22:33 . 2012-08-26 22:33 -------- d-----w- C:\Autodesk
2012-08-26 22:30 . 2012-08-27 12:30 -------- d-----w- c:\users\Administrator\.nuke
2012-08-26 22:30 . 2012-08-26 22:30 -------- d-----w- c:\users\Administrator\AppData\Local\cache
2012-08-26 22:28 . 2012-08-26 22:30 -------- d-----w- c:\program files\Nuke6.3v8
2012-08-26 22:28 . 2012-08-26 22:28 -------- d-----w- c:\program files\The Foundry
2012-08-26 22:25 . 2012-08-26 22:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-26 22:24 . 2012-08-26 22:25 -------- d-----w- c:\program files\Adobe
2012-08-26 22:19 . 2012-08-26 22:25 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-26 20:57 . 2012-08-26 20:57 -------- d-----w- c:\users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-26 20:57 . 2012-08-26 20:57 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-08-26 15:44 . 2012-08-29 21:55 -------- d-----w- c:\users\Administrator\AppData\Local\Akamai
2012-08-14 22:28 . 2012-06-28 04:10 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-14 22:28 . 2012-06-28 03:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-14 22:27 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 22:22 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 22:22 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-14 22:22 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 16:57 . 2010-05-28 16:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 08:26 . 2012-08-28 23:48 9310152 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F0D4658-387A-484B-AAFC-BE0ABB45CCF3}\mpengine.dll
2012-08-14 22:24 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-01 23:45 . 2012-03-30 03:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 23:45 . 2011-05-30 23:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 12:46 . 2009-05-28 11:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 17:59 . 2012-07-11 13:00 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 13:00 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 13:00 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 13:00 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 13:00 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 13:00 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-06 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ab4ace225aba4d0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
hsjxrndqv
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-30 09:12]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 19:16]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" [2008-08-20 3858432]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\ADMINI~1\AppData\Local\Temp\005E3B4.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ab4ace225aba4d0]
"ImagePath"="\SystemRoot\System32\Drivers\ab4ace225aba4d0.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="k:\\Games\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"="k:\\Games\\Football Manager 2011"
"ScreenshotsDir"="k:\\Games\\Football Manager 2011"
"SaveDir"="k:\\Games\\Football Manager 2011\\"
"HistoryDir"="k:\\Games\\Football Manager 2011\\FM Genie Scout 11\\History Points"
"LangDB"="k:\\Games\\Football Manager 2011\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="k:\\Games\\Football Manager 2011\\games\\Man U 1st.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f5b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="A5-A2B0-EF5F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000005
"StaffSearchFeatureNum"=dword:00000003
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000006
"CompareFeatureNum"=dword:00000001
"ShortlistFeatureNum"=dword:00000002
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000009
"HintsFeatureNum"=dword:00000001
"GenieReportFeatureNum"=dword:00000004
"TopFormationFeatureNum"=dword:00000001
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
"VersionOf"=dword:0000007b
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Administrator\\Desktop\\Games\\Football Manager 2009\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"="k:\\Games\\Football Manager 2009\\Man Utd 2.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="A5-A2B0-EF5F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
ee,69,9a,47,00,aa,33,d1,a9,28,90,14,1d
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,fe,
ac,56,94,b9,5f,a9,e5,47,e0,c8,4c,f4,11
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cb,
09,9e,be,ea,0c,b0,9e,bd,17,8d,68,fc,dd
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
ca,76,f2,32,0d,a9,7c,db,65,c0,83,c9,b7
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:a3,af,f0,dd,54,f9,cb,01
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,29,97,36,1f,74,8f,43,af,b9,0d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,29,97,36,1f,74,8f,43,af,b9,0d,\
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\hjsplit.url"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.3g2"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.3gp"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.3gp2"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.3gpp"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.a52"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aac"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ac3"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.adt"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.adts"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aif"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aifc"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aiff"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amr"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aob"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ape"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.asf"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.asx"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.au"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.avi"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b4s\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.b4s"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.bin"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cda"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cue"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.divx"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dts"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.flac"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.flv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.gxf"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ifo"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.it"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m1v"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m2t"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m2ts"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m2v"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m3u"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m3u8"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4a"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4p"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4v"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mid"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mka"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mkv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mlp"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mod"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mov"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp1"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp2"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp2v"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp3"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp4"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp4v"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpa"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpc"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpe"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg1"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg2"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg4"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpg"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpv2"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mts"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mxf"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="NukeScript"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nsv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nuv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oga"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogg"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogm"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogx"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oma"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.pls"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ram"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rec"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rm"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rmi"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rmvb"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.s3m"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.sdp"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.snd"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.spx"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tod"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ts"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tta"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tts"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vlc"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VOB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vob"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wav"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.webm"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wma"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wmv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wv"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xspf"
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:53,09,c2,34,e4,f3,53,34,8c,58,1e,e8,9e,89,09,3e,6b,83,15,38,e5,48,35,
24,15,da,a3,b7,45,21,60,3c,a3,37,3a,89,7b,a1,3d,78,90,7e,62,f3,1a,fe,d7,d3,\
"??"=hex:3d,e0,20,17,7e,19,c7,6d,da,21,90,a9,a1,a0,d7,c9
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\SecuROM\License information*]
"datasecu"=hex:68,dd,87,18,a6,81,21,7f,08,66,e2,4e,e4,c7,37,c5,b1,b2,28,81,77,
b5,c1,22,be,d8,8c,28,a6,5f,e1,c9,6f,10,9e,13,fe,91,b9,e3,9e,3b,96,07,7d,41,\
"rkeysecu"=hex:11,37,5f,48,de,df,82,d7,90,ec,35,6f,ef,95,25,1e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C6B80683-42E1-44BB-AB00-01DE6B82A393}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.474.0"
"UniqueId"="000D7EC04B7BD45B"
"ScannerBuild"=dword:000017cd
"ScannerVersionId"=dword:00001214
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
**************************************************************************
.
Completion time: 2012-09-02 03:01:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 02:01
.
Pre-Run: 301,718,245,376 bytes free
Post-Run: 302,293,180,416 bytes free
.
- - End Of File - - F3EB5E04BEB76FF46CBF0EFCCDE21434




03:03:52.0592 3708 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
03:03:52.0740 3708 ============================================================
03:03:52.0740 3708 Current date / time: 2012/09/02 03:03:52.0740
03:03:52.0740 3708 SystemInfo:
03:03:52.0740 3708
03:03:52.0740 3708 OS Version: 6.0.6002 ServicePack: 2.0
03:03:52.0740 3708 Product type: Workstation
03:03:52.0740 3708 ComputerName: 166005-PC
03:03:52.0740 3708 UserName: Administrator
03:03:52.0740 3708 Windows directory: C:\Windows
03:03:52.0740 3708 System windows directory: C:\Windows
03:03:52.0740 3708 Running under WOW64
03:03:52.0740 3708 Processor architecture: Intel x64
03:03:52.0740 3708 Number of processors: 8
03:03:52.0741 3708 Page size: 0x1000
03:03:52.0741 3708 Boot type: Normal boot
03:03:52.0741 3708 ============================================================
03:04:28.0173 3708 !crdlk
03:04:28.0181 3708 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
03:04:28.0188 3708 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
03:04:28.0251 3708 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
03:04:28.0315 3708 ============================================================
03:04:28.0315 3708 \Device\Harddisk0\DR0:
03:04:28.0315 3708 GPT partitions:
03:04:28.0315 3708 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F2870E7D-C4AB-469F-B229-E3168E3D4DC9}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
03:04:28.0315 3708 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {96219D75-2C08-41D1-8C5C-4CB2B9F9EAA8}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
03:04:28.0316 3708 MBR partitions:
03:04:28.0316 3708 \Device\Harddisk1\DR1:
03:04:28.0316 3708 GPT partitions:
03:04:28.0317 3708 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {68E16B53-9BF2-4AB9-86A7-020EFF1A9870}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
03:04:28.0317 3708 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {520ED50F-1A17-47B4-B359-7C3FDCB59CBD}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
03:04:28.0317 3708 MBR partitions:
03:04:28.0317 3708 \Device\Harddisk2\DR2:
03:04:28.0325 3708 MBR partitions:
03:04:28.0325 3708 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
03:04:28.0325 3708 ============================================================
03:04:28.0356 3708 C: <-> \Device\Harddisk2\DR2\Partition1
03:04:28.0398 3708 K: <-> \Device\Harddisk1\DR1\Partition2
03:04:28.0421 3708 M: <-> \Device\Harddisk0\DR0\Partition2
03:04:28.0421 3708 ============================================================
03:04:28.0421 3708 Initialize success
03:04:28.0421 3708 ============================================================
03:05:38.0079 1020 ============================================================
03:05:38.0079 1020 Scan started
03:05:38.0079 1020 Mode: Manual; SigCheck; TDLFS;
03:05:38.0079 1020 ============================================================
03:05:38.0721 1020 ================ Scan system memory ========================
03:05:38.0722 1020 System memory - ok
03:05:38.0722 1020 ================ Scan services =============================
03:05:38.0807 1020 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
03:05:38.0909 1020 !SASCORE - ok
03:05:38.0950 1020 Suspicious service (NoAccess): ab4ace225aba4d0
03:05:39.0032 1020 [ BB61CD9C8625395037F65A5C96AFF877 ] ab4ace225aba4d0 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys
03:05:39.0032 1020 Suspicious file (NoAccess): C:\Windows\System32\Drivers\ab4ace225aba4d0.sys. md5: BB61CD9C8625395037F65A5C96AFF877
03:05:39.0086 1020 ab4ace225aba4d0 ( Rootkit.Win32.Necurs.gen ) - infected
03:05:39.0086 1020 ab4ace225aba4d0 - detected Rootkit.Win32.Necurs.gen (0)
03:05:39.0119 1020 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
03:05:39.0135 1020 ACPI - ok
03:05:39.0192 1020 [ 59AA63B5DCC9B99C25ACC1BC5E9E6816 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
03:05:39.0287 1020 ADIHdAudAddService - ok
03:05:39.0443 1020 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:05:39.0451 1020 AdobeARMservice - ok
03:05:39.0506 1020 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
03:05:39.0526 1020 adp94xx - ok
03:05:39.0568 1020 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
03:05:39.0584 1020 adpahci - ok
03:05:39.0648 1020 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
03:05:39.0659 1020 adpu160m - ok
03:05:39.0687 1020 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
03:05:39.0699 1020 adpu320 - ok
03:05:39.0796 1020 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
03:05:39.0826 1020 AEADIFilters - ok
03:05:39.0861 1020 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
03:05:39.0931 1020 AeLookupSvc - ok
03:05:40.0007 1020 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
03:05:40.0098 1020 AFD - ok
03:05:40.0162 1020 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
03:05:40.0170 1020 agp440 - ok
03:05:40.0210 1020 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
03:05:40.0220 1020 aic78xx - ok
03:05:40.0257 1020 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
03:05:40.0377 1020 ALG - ok
03:05:40.0427 1020 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
03:05:40.0435 1020 aliide - ok
03:05:40.0513 1020 ALSysIO - ok
03:05:40.0545 1020 [ 2AED9A422EA1574C7D7EF9359A417718 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:05:40.0597 1020 AMD External Events Utility - ok
03:05:40.0634 1020 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
03:05:40.0642 1020 amdide - ok
03:05:40.0693 1020 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
03:05:40.0718 1020 AmdK8 - ok
03:05:40.0970 1020 [ BFA5E854959D5546D8834CA61F4AD075 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:05:41.0271 1020 amdkmdag - ok
03:05:41.0321 1020 [ 92D664FFFCD9E742FB25254F7F458D88 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
03:05:41.0381 1020 amdkmdap - ok
03:05:41.0415 1020 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
03:05:41.0433 1020 Appinfo - ok
03:05:41.0487 1020 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:05:41.0496 1020 Apple Mobile Device - ok
03:05:41.0554 1020 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
03:05:41.0581 1020 arc - ok
03:05:41.0637 1020 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
03:05:41.0647 1020 arcsas - ok
03:05:41.0712 1020 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
03:05:41.0721 1020 aswFsBlk - ok
03:05:41.0757 1020 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
03:05:41.0764 1020 aswMonFlt - ok
03:05:41.0781 1020 [ 2CF56F9848BF7841FF420E9DD95029EE ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
03:05:41.0788 1020 AswRdr - ok
03:05:41.0813 1020 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
03:05:41.0872 1020 aswSnx - ok
03:05:41.0961 1020 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
03:05:41.0974 1020 aswSP - ok
03:05:42.0135 1020 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
03:05:42.0142 1020 aswTdi - ok
03:05:42.0184 1020 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
03:05:42.0207 1020 AsyncMac - ok
03:05:42.0252 1020 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
03:05:42.0261 1020 atapi - ok
03:05:42.0451 1020 [ BFA5E854959D5546D8834CA61F4AD075 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:05:42.0616 1020 atikmdag - ok
03:05:42.0741 1020 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:05:42.0814 1020 AudioEndpointBuilder - ok
03:05:42.0825 1020 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
03:05:42.0846 1020 AudioSrv - ok
03:05:42.0972 1020 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
03:05:42.0979 1020 avast! Antivirus - ok
03:05:42.0989 1020 Beep - ok
03:05:43.0023 1020 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
03:05:43.0060 1020 BFE - ok
03:05:43.0105 1020 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
03:05:43.0171 1020 BITS - ok
03:05:43.0285 1020 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
03:05:43.0349 1020 blbdrive - ok
03:05:43.0440 1020 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
03:05:43.0456 1020 Bonjour Service - ok
03:05:43.0496 1020 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
03:05:43.0534 1020 bowser - ok
03:05:43.0588 1020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
03:05:43.0620 1020 BrFiltLo - ok
03:05:43.0647 1020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
03:05:43.0688 1020 BrFiltUp - ok
03:05:43.0710 1020 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
03:05:43.0737 1020 Browser - ok
03:05:43.0770 1020 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
03:05:43.0835 1020 Brserid - ok
03:05:43.0873 1020 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
03:05:43.0915 1020 BrSerWdm - ok
03:05:43.0983 1020 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
03:05:44.0020 1020 BrUsbMdm - ok
03:05:44.0037 1020 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
03:05:44.0091 1020 BrUsbSer - ok
03:05:44.0121 1020 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
03:05:44.0212 1020 BTHMODEM - ok
03:05:44.0269 1020 catchme - ok
03:05:44.0296 1020 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
03:05:44.0327 1020 cdfs - ok
03:05:44.0381 1020 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
03:05:44.0398 1020 cdrom - ok
03:05:44.0436 1020 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
03:05:44.0454 1020 CertPropSvc - ok
03:05:44.0495 1020 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
03:05:44.0543 1020 circlass - ok
03:05:44.0568 1020 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
03:05:44.0585 1020 CLFS - ok
03:05:44.0649 1020 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:05:44.0657 1020 clr_optimization_v2.0.50727_32 - ok
03:05:44.0759 1020 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:05:44.0768 1020 clr_optimization_v2.0.50727_64 - ok
03:05:44.0837 1020 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:05:44.0847 1020 clr_optimization_v4.0.30319_32 - ok
03:05:44.0878 1020 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:05:44.0888 1020 clr_optimization_v4.0.30319_64 - ok
03:05:44.0922 1020 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
03:05:44.0930 1020 cmdide - ok
03:05:44.0947 1020 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
03:05:44.0956 1020 Compbatt - ok
03:05:44.0963 1020 COMSysApp - ok
03:05:44.0994 1020 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
03:05:45.0003 1020 crcdisk - ok
03:05:45.0040 1020 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
03:05:45.0051 1020 CryptSvc - ok
03:05:45.0089 1020 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
03:05:45.0117 1020 DcomLaunch - ok
03:05:45.0143 1020 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
03:05:45.0184 1020 DfsC - ok
03:05:45.0301 1020 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
03:05:45.0563 1020 DFSR - ok
03:05:45.0704 1020 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
03:05:45.0733 1020 Dhcp - ok
03:05:45.0756 1020 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
03:05:45.0769 1020 disk - ok
03:05:45.0804 1020 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
03:05:45.0842 1020 Dnscache - ok
03:05:45.0900 1020 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
03:05:45.0943 1020 dot3svc - ok
03:05:45.0980 1020 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
03:05:46.0028 1020 DPS - ok
03:05:46.0064 1020 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
03:05:46.0091 1020 drmkaud - ok
03:05:46.0154 1020 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
03:05:46.0185 1020 DXGKrnl - ok
03:05:46.0242 1020 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
03:05:46.0268 1020 E1G60 - ok
03:05:46.0316 1020 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
03:05:46.0345 1020 EapHost - ok
03:05:46.0387 1020 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
03:05:46.0398 1020 Ecache - ok
03:05:46.0455 1020 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
03:05:46.0497 1020 ehRecvr - ok
03:05:46.0509 1020 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
03:05:46.0519 1020 ehSched - ok
03:05:46.0537 1020 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
03:05:46.0555 1020 ehstart - ok
03:05:46.0625 1020 [ 15814B675E9D08953F2C64E4E5CCB4F4 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
03:05:46.0632 1020 ElbyCDIO - ok
03:05:46.0700 1020 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
03:05:46.0716 1020 elxstor - ok
03:05:46.0763 1020 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
03:05:46.0846 1020 EMDMgmt - ok
03:05:46.0861 1020 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
03:05:46.0889 1020 ErrDev - ok
03:05:46.0948 1020 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
03:05:46.0970 1020 EventSystem - ok
03:05:47.0055 1020 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
03:05:47.0118 1020 exfat - ok
03:05:47.0157 1020 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
03:05:47.0178 1020 fastfat - ok
03:05:47.0222 1020 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
03:05:47.0268 1020 fdc - ok
03:05:47.0304 1020 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
03:05:47.0330 1020 fdPHost - ok
03:05:47.0353 1020 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
03:05:47.0403 1020 FDResPub - ok
03:05:47.0420 1020 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
03:05:47.0430 1020 FileInfo - ok
03:05:47.0457 1020 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
03:05:47.0503 1020 Filetrace - ok
03:05:47.0602 1020 [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
03:05:47.0710 1020 FLEXnet Licensing Service 64 - ok
03:05:47.0834 1020 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
03:05:47.0867 1020 flpydisk - ok
03:05:47.0912 1020 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
03:05:47.0929 1020 FltMgr - ok
03:05:47.0989 1020 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
03:05:48.0149 1020 FontCache - ok
03:05:48.0314 1020 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:05:48.0323 1020 FontCache3.0.0.0 - ok
03:05:48.0403 1020 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
03:05:48.0423 1020 Fs_Rec - ok
03:05:48.0483 1020 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
03:05:48.0483 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\gagp30kx.sys. md5: C8E416668D3DC2BE3D4FE4C79224997F
03:05:48.0487 1020 gagp30kx ( LockedFile.Multi.Generic ) - warning
03:05:48.0487 1020 gagp30kx - detected LockedFile.Multi.Generic (1)
03:05:48.0561 1020 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:05:48.0561 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: E403AACF8C7BB11375122D2464560311
03:05:48.0564 1020 GEARAspiWDM ( LockedFile.Multi.Generic ) - warning
03:05:48.0564 1020 GEARAspiWDM - detected LockedFile.Multi.Generic (1)
03:05:48.0615 1020 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
03:05:48.0653 1020 gpsvc - ok
03:05:48.0729 1020 gupdate - ok
03:05:48.0760 1020 gupdatem - ok
03:05:48.0796 1020 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
03:05:48.0796 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hamachi.sys. md5: 1E6438D4EA6E1174A3B3B1EDC4DE660B
03:05:48.0829 1020 hamachi ( LockedFile.Multi.Generic ) - warning
03:05:48.0829 1020 hamachi - detected LockedFile.Multi.Generic (1)
03:05:48.0886 1020 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:05:48.0971 1020 HdAudAddService - ok
03:05:49.0047 1020 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
03:05:49.0143 1020 HDAudBus - ok
03:05:49.0203 1020 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
03:05:49.0203 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidbth.sys. md5: B4881C84A180E75B8C25DC1D726C375F
03:05:49.0223 1020 HidBth ( LockedFile.Multi.Generic ) - warning
03:05:49.0223 1020 HidBth - detected LockedFile.Multi.Generic (1)
03:05:49.0290 1020 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
03:05:49.0290 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidir.sys. md5: 4E77A77E2C986E8F88F996BB3E1AD829
03:05:49.0294 1020 HidIr ( LockedFile.Multi.Generic ) - warning
03:05:49.0294 1020 HidIr - detected LockedFile.Multi.Generic (1)
03:05:49.0336 1020 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
03:05:49.0365 1020 hidserv - ok
03:05:49.0394 1020 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
03:05:49.0394 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 443BDD2D30BB4F00795C797E2CF99EDF
03:05:49.0418 1020 HidUsb ( LockedFile.Multi.Generic ) - warning
03:05:49.0418 1020 HidUsb - detected LockedFile.Multi.Generic (1)
03:05:49.0443 1020 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
03:05:49.0496 1020 hkmsvc - ok
03:05:49.0545 1020 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
03:05:49.0560 1020 HpCISSs - ok
03:05:49.0599 1020 hsjxrndqv - ok
03:05:49.0651 1020 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
03:05:49.0652 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 098F1E4E5C9CB5B0063A959063631610
03:05:49.0688 1020 HTTP ( LockedFile.Multi.Generic ) - warning
03:05:49.0688 1020 HTTP - detected LockedFile.Multi.Generic (1)
03:05:49.0722 1020 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
03:05:49.0722 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\i2omp.sys. md5: DA94C854CEA5FAC549D4E1F6E88349E8
03:05:49.0726 1020 i2omp ( LockedFile.Multi.Generic ) - warning
03:05:49.0726 1020 i2omp - detected LockedFile.Multi.Generic (1)
03:05:49.0756 1020 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
03:05:49.0756 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: CBB597659A2713CE0C9CC20C88C7591F
03:05:49.0760 1020 i8042prt ( LockedFile.Multi.Generic ) - warning
03:05:49.0760 1020 i8042prt - detected LockedFile.Multi.Generic (1)
03:05:49.0799 1020 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
03:05:49.0799 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\iastorv.sys. md5: 3E3BF3627D886736D0B4E90054F929F6
03:05:49.0828 1020 iaStorV ( LockedFile.Multi.Generic ) - warning
03:05:49.0828 1020 iaStorV - detected LockedFile.Multi.Generic (1)
03:05:49.0891 1020 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:05:49.0952 1020 idsvc - ok
03:05:50.0054 1020 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
03:05:50.0067 1020 iirsp - ok
03:05:50.0112 1020 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
03:05:50.0197 1020 IKEEXT - ok
03:05:50.0241 1020 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
03:05:50.0241 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: DF797A12176F11B2D301C5B234BB200E
03:05:50.0243 1020 intelide ( LockedFile.Multi.Generic ) - warning
03:05:50.0243 1020 intelide - detected LockedFile.Multi.Generic (1)
03:05:50.0288 1020 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
03:05:50.0288 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: BFD84AF32FA1BAD6231C4585CB469630
03:05:50.0291 1020 intelppm ( LockedFile.Multi.Generic ) - warning
03:05:50.0291 1020 intelppm - detected LockedFile.Multi.Generic (1)
03:05:50.0352 1020 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:05:50.0392 1020 IPBusEnum - ok
03:05:50.0461 1020 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:05:50.0461 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: D8AABC341311E4780D6FCE8C73C0AD81
03:05:50.0464 1020 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
03:05:50.0464 1020 IpFilterDriver - detected LockedFile.Multi.Generic (1)
03:05:50.0533 1020 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:05:50.0570 1020 iphlpsvc - ok
03:05:50.0576 1020 IpInIp - ok
03:05:50.0619 1020 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
03:05:50.0619 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipmidrv.sys. md5: 9C2EE2E6E5A7203BFAE15C299475EC67
03:05:50.0638 1020 IPMIDRV ( LockedFile.Multi.Generic ) - warning
03:05:50.0638 1020 IPMIDRV - detected LockedFile.Multi.Generic (1)
03:05:50.0673 1020 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
03:05:50.0673 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipnat.sys. md5: B7E6212F581EA5F6AB0C3A6CEEEB89BE
03:05:50.0704 1020 IPNAT ( LockedFile.Multi.Generic ) - warning
03:05:50.0704 1020 IPNAT - detected LockedFile.Multi.Generic (1)
03:05:50.0768 1020 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
03:05:50.0819 1020 iPod Service - ok
03:05:50.0927 1020 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:05:50.0927 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 8C42CA155343A2F11D29FECA67FAA88D
03:05:50.0930 1020 IRENUM ( LockedFile.Multi.Generic ) - warning
03:05:50.0930 1020 IRENUM - detected LockedFile.Multi.Generic (1)
03:05:50.0970 1020 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
03:05:50.0971 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 0672BFCEDC6FC468A2B0500D81437F4F
03:05:50.0973 1020 isapnp ( LockedFile.Multi.Generic ) - warning
03:05:50.0973 1020 isapnp - detected LockedFile.Multi.Generic (1)
03:05:51.0045 1020 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
03:05:51.0045 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: E4FDF99599F27EC25D2CF6D754243520
03:05:51.0071 1020 iScsiPrt ( LockedFile.Multi.Generic ) - warning
03:05:51.0071 1020 iScsiPrt - detected LockedFile.Multi.Generic (1)
03:05:58.0897 1020 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:05:58.0897 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: CD9C693589C60AD59BBBCFB0E524E01B
03:05:58.0911 1020 sbp2port ( LockedFile.Multi.Generic ) - warning
03:05:58.0911 1020 sbp2port - detected LockedFile.Multi.Generic (1)
03:05:58.0948 1020 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:05:58.0969 1020 SCardSvr - ok
03:05:59.0008 1020 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
03:05:59.0059 1020 Schedule - ok
03:05:59.0109 1020 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
03:05:59.0128 1020 SCPolicySvc - ok
03:05:59.0193 1020 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:05:59.0205 1020 SDRSVC - ok
03:05:59.0249 1020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:05:59.0250 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186
03:05:59.0269 1020 secdrv ( LockedFile.Multi.Generic ) - warning
03:05:59.0269 1020 secdrv - detected LockedFile.Multi.Generic (1)
03:05:59.0296 1020 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
03:05:59.0330 1020 seclogon - ok
03:05:59.0350 1020 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
03:05:59.0385 1020 SENS - ok
03:05:59.0425 1020 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
03:05:59.0425 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\serenum.sys. md5: F71BFE7AC6C52273B7C82CBF1BB2A222
03:05:59.0427 1020 Serenum ( LockedFile.Multi.Generic ) - warning
03:05:59.0427 1020 Serenum - detected LockedFile.Multi.Generic (1)
03:05:59.0447 1020 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
03:05:59.0447 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\serial.sys. md5: E62FAC91EE288DB29A9696A9D279929C
03:05:59.0450 1020 Serial ( LockedFile.Multi.Generic ) - warning
03:05:59.0450 1020 Serial - detected LockedFile.Multi.Generic (1)
03:05:59.0481 1020 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
03:05:59.0481 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sermouse.sys. md5: A842F04833684BCEEA7336211BE478DF
03:05:59.0495 1020 sermouse ( LockedFile.Multi.Generic ) - warning
03:05:59.0495 1020 sermouse - detected LockedFile.Multi.Generic (1)
03:05:59.0562 1020 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
03:05:59.0605 1020 SessionEnv - ok
03:05:59.0621 1020 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:05:59.0622 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: 14D4B4465193A87C127933978E8C4106
03:05:59.0630 1020 sffdisk ( LockedFile.Multi.Generic ) - warning
03:05:59.0630 1020 sffdisk - detected LockedFile.Multi.Generic (1)
03:05:59.0650 1020 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:05:59.0650 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: 7073AEE3F82F3D598E3825962AA98AB2
03:05:59.0654 1020 sffp_mmc ( LockedFile.Multi.Generic ) - warning
03:05:59.0654 1020 sffp_mmc - detected LockedFile.Multi.Generic (1)
03:05:59.0669 1020 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:05:59.0669 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: 35E59EBE4A01A0532ED67975161C7B82
03:05:59.0673 1020 sffp_sd ( LockedFile.Multi.Generic ) - warning
03:05:59.0673 1020 sffp_sd - detected LockedFile.Multi.Generic (1)
03:05:59.0705 1020 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
03:05:59.0705 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sfloppy.sys. md5: 6B7838C94135768BD455CBDC23E39E5F
03:05:59.0707 1020 sfloppy ( LockedFile.Multi.Generic ) - warning
03:05:59.0707 1020 sfloppy - detected LockedFile.Multi.Generic (1)
03:05:59.0766 1020 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:05:59.0842 1020 SharedAccess - ok
03:05:59.0878 1020 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:05:59.0892 1020 ShellHWDetection - ok
03:05:59.0927 1020 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
03:05:59.0927 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sisraid2.sys. md5: 7A5DE502AEB719D4594C6471060A78B3
03:05:59.0936 1020 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
03:05:59.0936 1020 SiSRaid2 - detected LockedFile.Multi.Generic (1)
03:05:59.0972 1020 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
03:05:59.0972 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sisraid4.sys. md5: 3A2F769FAB9582BC720E11EA1DFB184D
03:05:59.0975 1020 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
03:05:59.0975 1020 SiSRaid4 - detected LockedFile.Multi.Generic (1)
03:06:00.0048 1020 [ 8C5477EB1C03CA76CD8EB66A610A9E90 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:06:00.0059 1020 SkypeUpdate - ok
03:06:00.0133 1020 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
03:06:00.0371 1020 slsvc - ok
03:06:00.0501 1020 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
03:06:00.0548 1020 SLUINotify - ok
03:06:00.0599 1020 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:06:00.0599 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 290B6F6A0EC4FCDFC90F5CB6D7020473
03:06:00.0621 1020 Smb ( LockedFile.Multi.Generic ) - warning
03:06:00.0621 1020 Smb - detected LockedFile.Multi.Generic (1)
03:06:00.0663 1020 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:06:00.0681 1020 SNMPTRAP - ok
03:06:00.0972 1020 [ 8B28F3CB8AD97924BFFF94922018B3D8 ] SNP2STD C:\Windows\system32\DRIVERS\snp2sxp.sys
03:06:00.0972 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\snp2sxp.sys. md5: 8B28F3CB8AD97924BFFF94922018B3D8
03:06:01.0033 1020 SNP2STD ( LockedFile.Multi.Generic ) - warning
03:06:01.0033 1020 SNP2STD - detected LockedFile.Multi.Generic (1)
03:06:01.0054 1020 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
03:06:01.0055 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: 386C3C63F00A7040C7EC5E384217E89D
03:06:01.0057 1020 spldr ( LockedFile.Multi.Generic ) - warning
03:06:01.0057 1020 spldr - detected LockedFile.Multi.Generic (1)
03:06:01.0089 1020 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
03:06:01.0106 1020 Spooler - ok
03:06:01.0136 1020 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
03:06:01.0137 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 880A57FCCB571EBD063D4DD50E93E46D
03:06:01.0141 1020 srv ( LockedFile.Multi.Generic ) - warning
03:06:01.0141 1020 srv - detected LockedFile.Multi.Generic (1)
03:06:01.0164 1020 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:06:01.0164 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: A1AD14A6D7A37891FFFECA35EBBB0730
03:06:01.0167 1020 srv2 ( LockedFile.Multi.Generic ) - warning
03:06:01.0167 1020 srv2 - detected LockedFile.Multi.Generic (1)
03:06:01.0192 1020 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:06:01.0192 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 4BED62F4FA4D8300973F1151F4C4D8A7
03:06:01.0194 1020 srvnet ( LockedFile.Multi.Generic ) - warning
03:06:01.0194 1020 srvnet - detected LockedFile.Multi.Generic (1)
03:06:01.0221 1020 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:06:01.0247 1020 SSDPSRV - ok
03:06:01.0293 1020 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:06:01.0316 1020 SstpSvc - ok
03:06:01.0340 1020 Steam Client Service - ok
03:06:01.0388 1020 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
03:06:01.0448 1020 stisvc - ok
03:06:01.0493 1020 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
03:06:01.0494 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\swenum.sys. md5: 8A851CA908B8B974F89C50D2E18D4F0C
03:06:01.0508 1020 swenum ( LockedFile.Multi.Generic ) - warning
03:06:01.0508 1020 swenum - detected LockedFile.Multi.Generic (1)
03:06:01.0629 1020 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:06:01.0643 1020 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
03:06:01.0643 1020 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
03:06:01.0696 1020 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
03:06:01.0766 1020 swprv - ok
03:06:01.0809 1020 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
03:06:01.0810 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\symc8xx.sys. md5: 2F26A2C6FC96B29BEFF5D8ED74E6625B
03:06:01.0840 1020 Symc8xx ( LockedFile.Multi.Generic ) - warning
03:06:01.0840 1020 Symc8xx - detected LockedFile.Multi.Generic (1)
03:06:01.0882 1020 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
03:06:01.0882 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sym_hi.sys. md5: A909667976D3BCCD1DF813FED517D837
03:06:01.0885 1020 Sym_hi ( LockedFile.Multi.Generic ) - warning
03:06:01.0885 1020 Sym_hi - detected LockedFile.Multi.Generic (1)
03:06:01.0933 1020 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
03:06:01.0934 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\sym_u3.sys. md5: 36887B56EC2D98B9C362F6AE4DE5B7B0
03:06:01.0937 1020 Sym_u3 ( LockedFile.Multi.Generic ) - warning
03:06:01.0937 1020 Sym_u3 - detected LockedFile.Multi.Generic (1)
03:06:01.0998 1020 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
03:06:02.0072 1020 SysMain - ok
03:06:02.0111 1020 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:06:02.0130 1020 TabletInputService - ok
03:06:02.0228 1020 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
03:06:02.0228 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\taphss.sys. md5: F33FDC72298DF4BF9813A55D21F4EB31
03:06:02.0252 1020 taphss ( LockedFile.Multi.Generic ) - warning
03:06:02.0252 1020 taphss - detected LockedFile.Multi.Generic (1)
03:06:02.0281 1020 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
03:06:02.0303 1020 TapiSrv - ok
03:06:02.0334 1020 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
03:06:02.0361 1020 TBS - ok
03:06:02.0412 1020 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:06:02.0412 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: 46D448E9117464E4D3BBF36D7E3FA48E
03:06:02.0418 1020 Tcpip ( LockedFile.Multi.Generic ) - warning
03:06:02.0418 1020 Tcpip - detected LockedFile.Multi.Generic (1)
03:06:02.0437 1020 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
03:06:02.0437 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 46D448E9117464E4D3BBF36D7E3FA48E
03:06:02.0441 1020 Tcpip6 ( LockedFile.Multi.Generic ) - warning
03:06:02.0441 1020 Tcpip6 - detected LockedFile.Multi.Generic (1)
03:06:02.0467 1020 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:06:02.0467 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: C7E72A4071EE0200E3C075DACFB2B334
03:06:02.0469 1020 tcpipreg ( LockedFile.Multi.Generic ) - warning
03:06:02.0469 1020 tcpipreg - detected LockedFile.Multi.Generic (1)
03:06:02.0489 1020 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:06:02.0489 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 1D8BF4AAA5FB7A2761475781DC1195BC
03:06:02.0502 1020 TDPIPE ( LockedFile.Multi.Generic ) - warning
03:06:02.0502 1020 TDPIPE - detected LockedFile.Multi.Generic (1)
03:06:02.0533 1020 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:06:02.0533 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 7F7E00CDF609DF657F4CDA02DD1C9BB1
03:06:02.0535 1020 TDTCP ( LockedFile.Multi.Generic ) - warning
03:06:02.0535 1020 TDTCP - detected LockedFile.Multi.Generic (1)
03:06:02.0580 1020 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:06:02.0580 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: 458919C8C42E398DC4802178D5FFEE27
03:06:02.0599 1020 tdx ( LockedFile.Multi.Generic ) - warning
03:06:02.0599 1020 tdx - detected LockedFile.Multi.Generic (1)
03:06:02.0630 1020 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
03:06:02.0630 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\termdd.sys. md5: 8C19678D22649EC002EF2282EAE92F98
03:06:02.0632 1020 TermDD ( LockedFile.Multi.Generic ) - warning
03:06:02.0632 1020 TermDD - detected LockedFile.Multi.Generic (1)
03:06:02.0667 1020 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
03:06:02.0693 1020 TermService - ok
03:06:02.0743 1020 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
03:06:02.0744 1020 Suspicious file (NoAccess): C:\Windows\System32\Drivers\TFsExDisk.sys. md5: CE4B6956E4E12492715A53076E58761F
03:06:02.0747 1020 TFsExDisk ( LockedFile.Multi.Generic ) - warning
03:06:02.0747 1020 TFsExDisk - detected LockedFile.Multi.Generic (1)
03:06:02.0769 1020 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
03:06:02.0782 1020 Themes - ok
03:06:02.0803 1020 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
03:06:02.0834 1020 THREADORDER - ok
03:06:02.0896 1020 [ 69A7B3E2DA1D754ED33DE11E52B7F0D3 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
03:06:02.0905 1020 TomTomHOMEService - ok
03:06:02.0960 1020 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
03:06:02.0992 1020 TrkWks - ok
03:06:03.0043 1020 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:06:03.0073 1020 TrustedInstaller - ok
03:06:03.0126 1020 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:06:03.0126 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 9E5409CD17C8BEF193AAD498F3BC2CB8
03:06:03.0128 1020 tssecsrv ( LockedFile.Multi.Generic ) - warning
03:06:03.0128 1020 tssecsrv - detected LockedFile.Multi.Generic (1)
03:06:03.0168 1020 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
03:06:03.0168 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunmp.sys. md5: 89EC74A9E602D16A75A4170511029B3C
03:06:03.0183 1020 tunmp ( LockedFile.Multi.Generic ) - warning
03:06:03.0183 1020 tunmp - detected LockedFile.Multi.Generic (1)
03:06:03.0215 1020 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
03:06:03.0215 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 30A9B3F45AD081BFFC3BCAA9C812B609
03:06:03.0217 1020 tunnel ( LockedFile.Multi.Generic ) - warning
03:06:03.0217 1020 tunnel - detected LockedFile.Multi.Generic (1)
03:06:03.0251 1020 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
03:06:03.0251 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\uagp35.sys. md5: FEC266EF401966311744BD0F359F7F56
03:06:03.0254 1020 uagp35 ( LockedFile.Multi.Generic ) - warning
03:06:03.0254 1020 uagp35 - detected LockedFile.Multi.Generic (1)
03:06:03.0298 1020 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
03:06:03.0299 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FAF2640A2A76ED03D449E443194C4C34
03:06:03.0301 1020 udfs ( LockedFile.Multi.Generic ) - warning
03:06:03.0301 1020 udfs - detected LockedFile.Multi.Generic (1)
03:06:03.0347 1020 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
03:06:03.0379 1020 UI0Detect - ok
03:06:03.0442 1020 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
03:06:03.0443 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4EC9447AC3AB462647F60E547208CA00
03:06:03.0468 1020 uliagpkx ( LockedFile.Multi.Generic ) - warning
03:06:03.0468 1020 uliagpkx - detected LockedFile.Multi.Generic (1)
03:06:03.0501 1020 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
03:06:03.0501 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliahci.sys. md5: 697F0446134CDC8F99E69306184FBBB4
03:06:03.0504 1020 uliahci ( LockedFile.Multi.Generic ) - warning
03:06:03.0504 1020 uliahci - detected LockedFile.Multi.Generic (1)
03:06:03.0526 1020 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
03:06:03.0526 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ulsata.sys. md5: 31707F09846056651EA2C37858F5DDB0
03:06:03.0529 1020 UlSata ( LockedFile.Multi.Generic ) - warning
03:06:03.0529 1020 UlSata - detected LockedFile.Multi.Generic (1)
03:06:03.0552 1020 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
03:06:03.0553 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ulsata2.sys. md5: 85E5E43ED5B48C8376281BAB519271B7
03:06:03.0556 1020 ulsata2 ( LockedFile.Multi.Generic ) - warning
03:06:03.0556 1020 ulsata2 - detected LockedFile.Multi.Generic (1)
03:06:03.0573 1020 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
03:06:03.0574 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: 46E9A994C4FED537DD951F60B86AD3F4
03:06:03.0576 1020 umbus ( LockedFile.Multi.Generic ) - warning
03:06:03.0576 1020 umbus - detected LockedFile.Multi.Generic (1)
03:06:03.0616 1020 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
03:06:03.0715 1020 upnphost - ok
03:06:03.0748 1020 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
03:06:03.0748 1020 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbaapl64.sys. md5: AA33FC47ED58C34E6E9261E4F850B7EB
03:06:03.0757 1020 USBAAPL64 ( LockedFile.Multi.Generic ) - warning
03:06:03.0758 1020 USBAAPL64 - detected LockedFile.Multi.Generic (1)
03:06:03.0791 1020 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
03:06:03.0791 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbaudio.sys. md5: C6BA890DE6E41857FBE84175519CAE7D
03:06:03.0793 1020 usbaudio ( LockedFile.Multi.Generic ) - warning
03:06:03.0793 1020 usbaudio - detected LockedFile.Multi.Generic (1)
03:06:03.0840 1020 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
03:06:03.0840 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 07E3498FC60834219D2356293DA0FECC
03:06:03.0843 1020 usbccgp ( LockedFile.Multi.Generic ) - warning
03:06:03.0843 1020 usbccgp - detected LockedFile.Multi.Generic (1)
03:06:03.0887 1020 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
03:06:03.0887 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: 9247F7E0B65852C1F6631480984D6ED2
03:06:03.0891 1020 usbcir ( LockedFile.Multi.Generic ) - warning
03:06:03.0891 1020 usbcir - detected LockedFile.Multi.Generic (1)
03:06:03.0908 1020 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
03:06:03.0908 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: 827E44DE934A736EA31E91D353EB126F
03:06:03.0911 1020 usbehci ( LockedFile.Multi.Generic ) - warning
03:06:03.0911 1020 usbehci - detected LockedFile.Multi.Generic (1)
03:06:03.0977 1020 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
03:06:03.0977 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: BB35CD80A2ECECFADC73569B3D70C7D1
03:06:04.0004 1020 usbhub ( LockedFile.Multi.Generic ) - warning
03:06:04.0004 1020 usbhub - detected LockedFile.Multi.Generic (1)
03:06:04.0026 1020 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
03:06:04.0026 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: EBA14EF0C07CEC233F1529C698D0D154
03:06:04.0028 1020 usbohci ( LockedFile.Multi.Generic ) - warning
03:06:04.0028 1020 usbohci - detected LockedFile.Multi.Generic (1)
03:06:04.0058 1020 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
03:06:04.0058 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 28B693B6D31E7B9332C1BDCEFEF228C1
03:06:04.0061 1020 usbprint ( LockedFile.Multi.Generic ) - warning
03:06:04.0061 1020 usbprint - detected LockedFile.Multi.Generic (1)
03:06:04.0099 1020 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
03:06:04.0099 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: EA0BF666868964FBE8CB10E50C97B9F1
03:06:04.0116 1020 usbscan ( LockedFile.Multi.Generic ) - warning
03:06:04.0116 1020 usbscan - detected LockedFile.Multi.Generic (1)
03:06:04.0170 1020 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:06:04.0170 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: B854C1558FCA0C269A38663E8B59B581
03:06:04.0173 1020 USBSTOR ( LockedFile.Multi.Generic ) - warning
03:06:04.0173 1020 USBSTOR - detected LockedFile.Multi.Generic (1)
03:06:04.0217 1020 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
03:06:04.0218 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: B2872CBF9F47316ABD0E0C74A1ABA507
03:06:04.0243 1020 usbuhci ( LockedFile.Multi.Generic ) - warning
03:06:04.0243 1020 usbuhci - detected LockedFile.Multi.Generic (1)
03:06:04.0269 1020 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
03:06:04.0306 1020 UxSms - ok
03:06:04.0344 1020 [ 8FC6E3D302550A06C7C5DB9F1AB54193 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
03:06:04.0345 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\VClone.sys. md5: 8FC6E3D302550A06C7C5DB9F1AB54193
03:06:04.0348 1020 VClone ( LockedFile.Multi.Generic ) - warning
03:06:04.0348 1020 VClone - detected LockedFile.Multi.Generic (1)
03:06:04.0400 1020 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
03:06:04.0463 1020 vds - ok
03:06:04.0504 1020 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
03:06:04.0504 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: 916B94BCF1E09873FFF2D5FB11767BBC
03:06:04.0527 1020 vga ( LockedFile.Multi.Generic ) - warning
03:06:04.0527 1020 vga - detected LockedFile.Multi.Generic (1)
03:06:04.0575 1020 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
03:06:04.0575 1020 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: B83AB16B51FEDA65DD81B8C59D114D63
03:06:04.0579 1020 VgaSave ( LockedFile.Multi.Generic ) - warning
03:06:04.0579 1020 VgaSave - detected LockedFile.Multi.Generic (1)
03:06:04.0632 1020 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
03:06:04.0632 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: 8294B6C3FDB6C33F24E150DE647ECDAA
03:06:04.0634 1020 viaide ( LockedFile.Multi.Generic ) - warning
03:06:04.0634 1020 viaide - detected LockedFile.Multi.Generic (1)
03:06:04.0651 1020 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
03:06:04.0652 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: 2B7E885ED951519A12C450D24535DFCA
03:06:04.0654 1020 volmgr ( LockedFile.Multi.Generic ) - warning
03:06:04.0654 1020 volmgr - detected LockedFile.Multi.Generic (1)
03:06:04.0692 1020 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
03:06:04.0692 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: CEC5AC15277D75D9E5DEC2E1C6EAF877
03:06:04.0694 1020 volmgrx ( LockedFile.Multi.Generic ) - warning
03:06:04.0695 1020 volmgrx - detected LockedFile.Multi.Generic (1)
03:06:04.0719 1020 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
03:06:04.0719 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 5280AADA24AB36B01A84A6424C475C8D
03:06:04.0732 1020 volsnap ( LockedFile.Multi.Generic ) - warning
03:06:04.0732 1020 volsnap - detected LockedFile.Multi.Generic (1)
03:06:04.0756 1020 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
03:06:04.0756 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\vsmraid.sys. md5: A68F455ED2673835209318DD61BFBB0E
03:06:04.0774 1020 vsmraid ( LockedFile.Multi.Generic ) - warning
03:06:04.0774 1020 vsmraid - detected LockedFile.Multi.Generic (1)
03:06:04.0826 1020 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
03:06:05.0009 1020 VSS - ok
03:06:05.0058 1020 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
03:06:05.0129 1020 W32Time - ok
03:06:05.0191 1020 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
03:06:05.0191 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\wacompen.sys. md5: FEF8FE5923FEAD2CEE4DFABFCE3393A7
03:06:05.0219 1020 WacomPen ( LockedFile.Multi.Generic ) - warning
03:06:05.0219 1020 WacomPen - detected LockedFile.Multi.Generic (1)
03:06:05.0267 1020 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
03:06:05.0267 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: B8E7049622300D20BA6D8BE0C47C0CFD
03:06:05.0271 1020 Wanarp ( LockedFile.Multi.Generic ) - warning
03:06:05.0271 1020 Wanarp - detected LockedFile.Multi.Generic (1)
03:06:05.0278 1020 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
03:06:05.0278 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: B8E7049622300D20BA6D8BE0C47C0CFD
03:06:05.0281 1020 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
03:06:05.0281 1020 Wanarpv6 - detected LockedFile.Multi.Generic (1)
03:06:05.0339 1020 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
03:06:05.0391 1020 wcncsvc - ok
03:06:05.0427 1020 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:06:05.0457 1020 WcsPlugInService - ok
03:06:05.0472 1020 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
03:06:05.0473 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\wd.sys. md5: 0C17A0816F65B89E362E682AD5E7266E
03:06:05.0475 1020 Wd ( LockedFile.Multi.Generic ) - warning
03:06:05.0475 1020 Wd - detected LockedFile.Multi.Generic (1)
03:06:05.0525 1020 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
03:06:05.0526 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wdcsam64.sys. md5: A3D04EBF5227886029B4532F20D026F7
03:06:05.0528 1020 WDC_SAM ( LockedFile.Multi.Generic ) - warning
03:06:05.0528 1020 WDC_SAM - detected LockedFile.Multi.Generic (1)
03:06:05.0562 1020 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
03:06:05.0563 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: D02E7E4567DA1E7582FBF6A91144B0DF
03:06:05.0575 1020 Wdf01000 ( LockedFile.Multi.Generic ) - warning
03:06:05.0575 1020 Wdf01000 - detected LockedFile.Multi.Generic (1)
03:06:05.0594 1020 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
03:06:05.0644 1020 WdiServiceHost - ok
03:06:05.0654 1020 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
03:06:05.0694 1020 WdiSystemHost - ok
03:06:05.0736 1020 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
03:06:05.0762 1020 WebClient - ok
03:06:05.0810 1020 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
03:06:05.0835 1020 Wecsvc - ok
03:06:05.0871 1020 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
03:06:05.0890 1020 wercplsupport - ok
03:06:05.0920 1020 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
03:06:05.0944 1020 WerSvc - ok
03:06:05.0986 1020 WinDefend - ok
03:06:06.0000 1020 WinHttpAutoProxySvc - ok
03:06:06.0051 1020 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
03:06:06.0078 1020 Winmgmt - ok
03:06:06.0172 1020 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
03:06:06.0255 1020 WinRM - ok
03:06:06.0304 1020 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
03:06:06.0343 1020 Wlansvc - ok
03:06:06.0450 1020 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:06:06.0630 1020 wlidsvc - ok
03:06:06.0755 1020 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
03:06:06.0756 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: E18AEBAAA5A773FE11AA2C70F65320F5
03:06:06.0780 1020 WmiAcpi ( LockedFile.Multi.Generic ) - warning
03:06:06.0780 1020 WmiAcpi - detected LockedFile.Multi.Generic (1)
03:06:06.0858 1020 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
03:06:06.0899 1020 wmiApSrv - ok
03:06:06.0927 1020 WMPNetworkSvc - ok
03:06:06.0974 1020 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
03:06:06.0997 1020 WPCSvc - ok
03:06:07.0033 1020 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
03:06:07.0064 1020 WPDBusEnum - ok
03:06:07.0101 1020 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
03:06:07.0101 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wpdusb.sys. md5: 5E2401B3FC1089C90E081291357371A9
03:06:07.0103 1020 WpdUsb ( LockedFile.Multi.Generic ) - warning
03:06:07.0103 1020 WpdUsb - detected LockedFile.Multi.Generic (1)
03:06:07.0235 1020 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:06:07.0293 1020 WPFFontCache_v0400 - ok
03:06:07.0424 1020 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
03:06:07.0424 1020 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 8A900348370E359B6BFF6A550E4649E1
03:06:07.0428 1020 ws2ifsl ( LockedFile.Multi.Generic ) - warning
03:06:07.0428 1020 ws2ifsl - detected LockedFile.Multi.Generic (1)
03:06:07.0486 1020 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
03:06:07.0505 1020 wscsvc - ok
03:06:07.0513 1020 WSearch - ok
03:06:07.0615 1020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
03:06:07.0799 1020 wuauserv - ok
03:06:07.0893 1020 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
03:06:07.0893 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 501A65252617B495C0F1832F908D54D8
03:06:07.0907 1020 WUDFRd ( LockedFile.Multi.Generic ) - warning
03:06:07.0907 1020 WUDFRd - detected LockedFile.Multi.Generic (1)
03:06:07.0976 1020 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
03:06:08.0015 1020 wudfsvc - ok
03:06:08.0080 1020 X6va005 - ok
03:06:08.0151 1020 [ 2AE06B41B36549FABF0886B2AF89A599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
03:06:08.0151 1020 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\yk60x64.sys. md5: 2AE06B41B36549FABF0886B2AF89A599
03:06:08.0182 1020 yukonx64 ( LockedFile.Multi.Generic ) - warning
03:06:08.0182 1020 yukonx64 - detected LockedFile.Multi.Generic (1)
03:06:08.0197 1020 ================ Scan global ===============================
03:06:08.0220 1020 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
03:06:08.0245 1020 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:06:08.0256 1020 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:06:08.0279 1020 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
03:06:08.0281 1020 [Global] - ok
03:06:08.0281 1020 ================ Scan MBR ==================================
03:06:08.0283 1020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
03:06:08.0341 1020 \Device\Harddisk0\DR0 - ok
03:06:08.0356 1020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
03:06:08.0447 1020 \Device\Harddisk1\DR1 - ok
03:06:08.0457 1020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
03:06:08.0803 1020 \Device\Harddisk2\DR2 - ok
03:06:08.0803 1020 ================ Scan VBR ==================================
03:06:08.0805 1020 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
03:06:08.0805 1020 \Device\Harddisk0\DR0\Partition1 - ok
03:06:08.0807 1020 [ D519E97E6F29C24AF444FDA9AF25E828 ] \Device\Harddisk0\DR0\Partition2
03:06:08.0808 1020 \Device\Harddisk0\DR0\Partition2 - ok
03:06:08.0810 1020 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
03:06:08.0810 1020 \Device\Harddisk1\DR1\Partition1 - ok
03:06:08.0836 1020 [ 9DCB8F908916BF527DBBE11F68CF49CD ] \Device\Harddisk1\DR1\Partition2
03:06:08.0837 1020 \Device\Harddisk1\DR1\Partition2 - ok
03:06:08.0839 1020 [ A2E83A16EE0F3656564574A36EF0FADC ] \Device\Harddisk2\DR2\Partition1
03:06:08.0840 1020 \Device\Harddisk2\DR2\Partition1 - ok
03:06:08.0840 1020 ============================================================
03:06:08.0840 1020 Scan finished
03:06:08.0840 1020 ============================================================
03:06:08.0846 3612 Detected object count: 173
03:06:08.0846 3612 Actual detected object count: 173
03:07:30.0391 3612 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys - copied to quarantine
03:07:30.0418 3612 HKLM\SYSTEM\ControlSet001\services\ab4ace225aba4d0 - will be deleted on reboot
03:07:30.0443 3612 HKLM\SYSTEM\ControlSet003\services\ab4ace225aba4d0 - will be deleted on reboot
03:07:30.0686 3612 C:\Windows\System32\Drivers\ab4ace225aba4d0.sys - will be deleted on reboot
03:07:30.0686 3612 ab4ace225aba4d0 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
03:07:30.0687 3612 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0687 3612 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0689 3612 GEARAspiWDM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0689 3612 GEARAspiWDM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0690 3612 hamachi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0690 3612 hamachi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0692 3612 HidBth ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0692 3612 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0693 3612 HidIr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0693 3612 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0695 3612 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0695 3612 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0696 3612 HTTP ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0696 3612 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0698 3612 i2omp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0698 3612 i2omp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0699 3612 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0699 3612 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0701 3612 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0701 3612 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0702 3612 intelide ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0702 3612 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0704 3612 intelppm ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0704 3612 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0705 3612 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0705 3612 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0707 3612 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0707 3612 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0708 3612 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0708 3612 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0710 3612 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0710 3612 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0711 3612 isapnp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0711 3612 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0713 3612 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0713 3612 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0714 3612 iteatapi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0714 3612 iteatapi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0716 3612 iteraid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0716 3612 iteraid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0717 3612 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0717 3612 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0719 3612 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0719 3612 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0720 3612 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0720 3612 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0722 3612 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0722 3612 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0723 3612 lltdio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0723 3612 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0725 3612 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0725 3612 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0726 3612 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0726 3612 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0728 3612 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0728 3612 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0729 3612 luafv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0729 3612 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0731 3612 megasas ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0731 3612 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0732 3612 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0732 3612 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0734 3612 Modem ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0734 3612 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0735 3612 monitor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0735 3612 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0737 3612 mouclass ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0737 3612 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0738 3612 mouhid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0738 3612 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0740 3612 MountMgr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0740 3612 MountMgr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0741 3612 mpio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0741 3612 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0742 3612 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0743 3612 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0744 3612 Mraid35x ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0744 3612 Mraid35x ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0745 3612 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0746 3612 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0747 3612 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0747 3612 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0748 3612 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0749 3612 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0750 3612 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0750 3612 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0751 3612 msahci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0751 3612 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0753 3612 msdsm ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0753 3612 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0754 3612 Msfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0754 3612 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0756 3612 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0756 3612 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0757 3612 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0757 3612 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0759 3612 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0759 3612 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0760 3612 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0760 3612 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0762 3612 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0762 3612 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0763 3612 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0763 3612 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0765 3612 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0765 3612 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0766 3612 MTsensor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0766 3612 MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0768 3612 Mup ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0768 3612 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0769 3612 mv61xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0769 3612 mv61xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0771 3612 mv64xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0771 3612 mv64xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0772 3612 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0772 3612 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0774 3612 NDIS ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0774 3612 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0775 3612 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0775 3612 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0777 3612 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0777 3612 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0778 3612 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0778 3612 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0780 3612 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0780 3612 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0781 3612 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0782 3612 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0783 3612 netbt ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0783 3612 netbt ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0784 3612 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0784 3612 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0786 3612 Npfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0786 3612 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0787 3612 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0787 3612 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0789 3612 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0789 3612 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0790 3612 Null ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0790 3612 Null ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0792 3612 nvraid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0792 3612 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0793 3612 nvstor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0793 3612 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0795 3612 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0795 3612 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0796 3612 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0796 3612 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0798 3612 Parport ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0798 3612 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0799 3612 partmgr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0799 3612 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0801 3612 pci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0801 3612 pci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0802 3612 pciide ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0802 3612 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0804 3612 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0804 3612 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0805 3612 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0805 3612 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0806 3612 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0806 3612 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0807 3612 Processor ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0807 3612 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0807 3612 PS3 Media Server ( UnsignedFile.Multi.Generic ) - skipped by user
03:07:30.0807 3612 PS3 Media Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:07:30.0808 3612 PSched ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0808 3612 PSched ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0809 3612 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0809 3612 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0810 3612 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0810 3612 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0811 3612 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0811 3612 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0812 3612 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0812 3612 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0813 3612 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0813 3612 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0814 3612 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0814 3612 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0814 3612 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0814 3612 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0815 3612 rdbss ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0815 3612 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0816 3612 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0816 3612 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0817 3612 rdpdr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0817 3612 rdpdr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0818 3612 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0818 3612 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0819 3612 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0819 3612 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0820 3612 RivaTuner64 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0820 3612 RivaTuner64 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0821 3612 rspndr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0821 3612 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0821 3612 RTHDMIAzAudService ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0821 3612 RTHDMIAzAudService ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0822 3612 SASDIFSV ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0822 3612 SASDIFSV ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0823 3612 SASKUTIL ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0823 3612 SASKUTIL ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0824 3612 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0824 3612 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0825 3612 secdrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0825 3612 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0826 3612 Serenum ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0826 3612 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0827 3612 Serial ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0827 3612 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0828 3612 sermouse ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0828 3612 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0829 3612 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0829 3612 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0830 3612 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0830 3612 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0831 3612 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0831 3612 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0831 3612 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0831 3612 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0832 3612 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0832 3612 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0833 3612 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0833 3612 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0834 3612 Smb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0834 3612 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0835 3612 SNP2STD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0835 3612 SNP2STD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0836 3612 spldr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0836 3612 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0837 3612 srv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0837 3612 srv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0838 3612 srv2 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0838 3612 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0838 3612 srvnet ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0838 3612 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0839 3612 swenum ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0839 3612 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0840 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
03:07:30.0840 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:07:30.0841 3612 Symc8xx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0841 3612 Symc8xx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0842 3612 Sym_hi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0842 3612 Sym_hi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0843 3612 Sym_u3 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0843 3612 Sym_u3 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0844 3612 taphss ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0844 3612 taphss ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0844 3612 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0845 3612 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0845 3612 Tcpip6 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0845 3612 Tcpip6 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0846 3612 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0846 3612 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0847 3612 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0847 3612 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0848 3612 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0848 3612 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0849 3612 tdx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0849 3612 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0850 3612 TermDD ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0850 3612 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0851 3612 TFsExDisk ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0851 3612 TFsExDisk ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0851 3612 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0852 3612 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0852 3612 tunmp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0852 3612 tunmp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0853 3612 tunnel ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0853 3612 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0854 3612 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0854 3612 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0855 3612 udfs ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0855 3612 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0856 3612 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0856 3612 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0857 3612 uliahci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0857 3612 uliahci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0857 3612 UlSata ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0857 3612 UlSata ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0858 3612 ulsata2 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0858 3612 ulsata2 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0859 3612 umbus ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0859 3612 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0860 3612 USBAAPL64 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0860 3612 USBAAPL64 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0860 3612 usbaudio ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0861 3612 usbaudio ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0861 3612 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0861 3612 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0862 3612 usbcir ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0862 3612 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0863 3612 usbehci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0863 3612 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0864 3612 usbhub ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0864 3612 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0865 3612 usbohci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0865 3612 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0866 3612 usbprint ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0866 3612 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0867 3612 usbscan ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0867 3612 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0867 3612 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0868 3612 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0868 3612 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0868 3612 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0869 3612 VClone ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0869 3612 VClone ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0870 3612 vga ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0870 3612 vga ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0871 3612 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0871 3612 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0872 3612 viaide ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0872 3612 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0873 3612 volmgr ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0873 3612 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0874 3612 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0874 3612 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0874 3612 volsnap ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0874 3612 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0875 3612 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0875 3612 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0876 3612 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0876 3612 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0877 3612 Wanarp ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0877 3612 Wanarp ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0878 3612 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0878 3612 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0879 3612 Wd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0879 3612 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0880 3612 WDC_SAM ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0880 3612 WDC_SAM ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0881 3612 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0881 3612 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0881 3612 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0881 3612 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0882 3612 WpdUsb ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0882 3612 WpdUsb ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0883 3612 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0883 3612 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0884 3612 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0884 3612 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:30.0885 3612 yukonx64 ( LockedFile.Multi.Generic ) - skipped by user
03:07:30.0885 3612 yukonx64 ( LockedFile.Multi.Generic ) - User select action: Skip
03:07:52.0045 3632 Deinitialize success


Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: 166005-PC [administrator]

Protection: Disabled

02/09/2012 03:35:49
mbam-log-2012-09-02 (03-35-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 217232
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/09/2012 04:20:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/09/2012 03:13:11
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/09/2012 04:21:19

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/09/2012 03:13:10
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OTL logfile created on: 02/09/2012 04:22:43 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

9.99 Gb Total Physical Memory | 7.89 Gb Available Physical Memory | 78.98% Memory free
19.97 Gb Paging File | 18.02 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 282.83 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS

Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 23:49:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/28 22:26:30 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/26 23:53:23 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/06 21:11:51 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/07/15 18:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 16:54:08 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdvcoms.exe -- (lxdv_device)
SRV:64bit: - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV:64bit: - [2007/03/16 02:24:18 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device)
SRV - [2012/08/28 22:26:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 07:54:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/06 19:25:54 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 16:05:04 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/17 09:40:50 | 000,217,088 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2007/10/18 16:53:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdvcoms.exe -- (lxdv_device)
SRV - [2007/10/18 15:54:00 | 000,033,448 | ---- | M] () [Disabled | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2007/03/16 02:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbccoms.exe -- (lxbc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 10:13:12 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/25 18:30:52 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/09/24 11:29:20 | 000,035,840 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2008/09/01 07:03:01 | 000,316,456 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2008/07/21 13:11:56 | 000,032,200 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/07/10 16:01:46 | 000,472,064 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008/06/23 23:21:32 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/06 10:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/09/10 11:41:18 | 012,528,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2006/11/01 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011/06/14 13:40:52 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/12/14 10:21:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2007/09/05 13:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ROTTEN TOMATOES"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/30 08:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/29 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/09/10 21:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/01 22:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions
[2011/01/03 04:15:19 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/07/18 00:53:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(31)
[2011/11/13 00:43:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(35)
[2010/02/23 13:37:04 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2010/03/11 00:11:42 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2009/12/09 17:36:52 | 000,000,000 | ---D | M] (Pterodactl) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2011/07/16 21:17:47 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected](30)
[2011/02/17 08:13:03 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/03/22 03:05:48 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\extensions\[email protected]
[2012/07/25 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions
[2011/05/03 06:25:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/17 08:15:12 | 000,002,003 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\boltcd.xml
[2009/02/03 04:19:51 | 000,002,213 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\google-image-search.xml
[2011/06/21 22:37:56 | 000,002,009 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\hd-bb--index-page.xml
[2009/01/23 12:26:56 | 000,002,838 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\imdb-385.xml
[2009/12/10 21:34:43 | 000,001,504 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\mr-skin---search-results-for.xml
[2011/06/17 18:16:05 | 000,001,274 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\reddit.xml
[2009/01/27 19:09:26 | 000,002,137 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\rotten-tomatoes.xml
[2012/03/06 03:48:22 | 000,002,762 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-byskipity-uk.xml
[2012/02/05 22:23:31 | 000,002,291 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\s-amazon-uk.xml
[2012/03/08 22:50:16 | 000,002,710 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\skipity-search.xml
[2009/04/17 20:33:20 | 000,000,909 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ktm1aocl.default\searchplugins\ultimate-guitar.xml
[2012/01/08 23:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 01:44:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}(0)
[2012/08/30 08:43:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/11 00:44:40 | 000,340,132 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/08/25 11:07:28 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012/06/21 18:09:50 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/07/09 23:48:27 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTM1AOCL.DEFAULT\EXTENSIONS\[email protected]
[2012/08/28 22:26:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/18 21:54:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/28 22:26:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 21:54:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/18 21:54:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/28 22:26:29 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/18 21:54:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Administrator\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: avast! WebRep = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2012/09/02 02:54:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9441A29-21BA-4127-8E6F-996D74C7079E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/26 23:33:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: FixCamera - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Lexmark X5400 Series - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: lxdvamon - hkey= - key= - C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe ()
MsConfig:64bit - StartUpReg: lxdvmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe ()
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: snp2std - hkey= - key= - C:\Windows\vsnp2std.exe (Sonix)
MsConfig:64bit - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: tsnp2std - hkey= - key= - C:\Windows\tsnp2std.exe ()
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: 98059560.sys - Driver
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 98059560.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: 98059560.sys - Driver
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 98059560.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {39144A18-31F9-C332-7A97-0BC28FFAB5D8} - Offline Browsing Pack
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3BFE1E82-0021-C2AB-4DE3-646CB754171C} - Browser Customizations
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5D5CF70B-F465-5619-443B-76DA0CA99232} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6BF93B1F-6DAD-3795-8D37-9A90F1B5AD4C} - Themes Setup
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A0766FB3-216B-D70D-A140-A545DCCBFF6A} -
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 04:07:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/02 03:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/02 03:34:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 03:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/02 03:07:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/02 03:03:34 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012/09/02 03:01:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/02 02:55:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/02 02:51:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/09/02 02:37:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/02 02:37:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/02 02:37:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/02 02:37:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/01 23:28:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/01 23:28:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/01 23:26:51 | 004,742,651 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/09/01 22:57:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/09/01 22:51:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/01 12:44:01 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FSS.exe
[2012/08/31 23:49:36 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/31 23:39:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2012/08/31 18:24:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/30 11:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/30 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/30 08:43:14 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/30 08:43:14 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/30 08:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/30 08:43:12 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/30 08:43:12 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/30 08:43:12 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/30 08:43:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/30 08:43:11 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/30 08:42:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/30 08:42:57 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/30 08:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/30 08:26:59 | 000,000,000 | ---D | C] -- C:\c2a434b5512df75af25a19
[2012/08/29 23:39:39 | 072,630,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Administrator\Desktop\msert.exe
[2012/08/29 17:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/29 17:58:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/29 17:58:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/29 17:58:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/29 17:58:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/29 17:58:25 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/29 17:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/08/27 14:29:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
[2012/08/27 12:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\maya
[2012/08/27 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Autodesk
[2012/08/26 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Inventor Server x64 Direct Connect
[2012/08/26 23:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/08/26 23:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/08/26 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2012/08/26 23:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/08/26 23:33:35 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012/08/26 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.nuke
[2012/08/26 23:30:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\cache
[2012/08/26 23:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\The Foundry
[2012/08/26 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nuke6.3v8
[2012/08/26 23:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/08/26 23:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/26 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/26 22:45:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Jacqui documents
[2012/08/26 22:00:17 | 135,734,440 | ---- | C] (The Foundry ) -- C:\Users\Administrator\Desktop\Nuke6.3v8-win-x86-release-64.exe
[2012/08/26 21:58:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Adobe Photoshop CS6
[2012/08/26 21:57:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/26 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/08/26 16:44:52 | 002,625,536 | ---- | C] (The Foundry) -- C:\Users\Administrator\Desktop\FLU_7.0v1_win-x86-release-32.exe
[2012/08/26 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Akamai
[2012/08/26 16:41:24 | 010,965,664 | ---- | C] (Akamai Technologies, Inc.) -- C:\Users\Administrator\Desktop\installer.exe
[2012/08/21 16:17:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Shiner
[2012/08/14 23:29:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/14 23:29:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/14 23:29:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/14 23:29:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/14 23:29:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/14 23:29:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/14 23:29:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/14 23:29:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/14 23:29:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/14 23:29:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/14 23:29:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/14 23:29:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/14 23:29:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/14 23:22:40 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 23:22:39 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/14 23:22:34 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

========== Files - Modified Within 30 Days ==========

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/28 22:26:28 | 000,851,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/28 22:26:30 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/12 20:44:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 23:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/12 20:44:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 02:08:59 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >





OTL Extras logfile created on: 02/09/2012 04:22:43 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

9.99 Gb Total Physical Memory | 7.89 Gb Available Physical Memory | 78.98% Memory free
19.97 Gb Paging File | 18.02 Gb Available in Paging File | 90.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 282.83 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive K: | 931.39 Gb Total Space | 50.99 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive M: | 931.39 Gb Total Space | 87.77 Gb Free Space | 9.42% Space Free | Partition Type: NTFS

Computer Name: 166005-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FB 82 E0 A4 8A 4B CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1983ECCE-1555-4599-9267-66C00E21898A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E714360-4E4D-4400-B8ED-FF49FD8BC10A}" = lport=138 | protocol=17 | dir=in | app=system |
"{4AF5DA6D-1B2C-4108-8F4D-C457D6F28014}" = rport=139 | protocol=6 | dir=out | app=system |
"{8701DEA1-BFE9-4827-A177-AB496A453A7F}" = lport=445 | protocol=6 | dir=in | app=system |
"{A4F6DB6C-FD3F-4F3E-8E35-440550392B80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{B9BA9E0A-9069-4C58-B14A-661CC528A409}" = rport=137 | protocol=17 | dir=out | app=system |
"{C56FC6E1-2CA7-49B8-97E8-52707A0905E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{D0DF77B4-DB20-4239-B267-DEFF1155623D}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC483A8F-FEF9-419E-BF14-1067E711C127}" = lport=137 | protocol=17 | dir=in | app=system |
"{E266C946-D887-46E3-88A5-FA7F10DA0911}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E2BD0195-A332-4B8B-9138-ACE41C524665}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDDE57B9-9438-4E88-8CD0-41E3770C4069}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D522A44B-C6BB-487E-B660-4EB4ADC09ACD}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{DF50B3E4-08BC-4395-A098-1CA021B704D9}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{EF98B1B2-F72B-444C-962F-185127B70762}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{FA1E80CA-EF55-4B59-A478-4630FC0DDE29}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"TCP Query User{E60E0B5D-DB17-419C-A87D-6993026FB59F}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D3DDD300-CEBB-4F70-964A-7DABFAA12A0B}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
"CCleaner" = CCleaner
"Lexmark X5400 Series" = Lexmark X5400 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nuke 6.3v8_is1" = Nuke 6.3v8
"XviD MPEG-4 Video Codec_is1" = XviD v1.2.0 CVS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{011009B3-FEDD-18E7-D54A-A968BE5987F8}" = GameFly
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30E1022C-17EB-482A-8C82-16B79B98C4E4}" = Express Gate Updater
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB PC Camera-268
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Applian FLV Player2.0.25" = Applian FLV Player
"avast" = avast! Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"FormatFactory" = FormatFactory 2.70
"GameFly" = GameFly
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0 (x86 en-GB)" = Mozilla Firefox 15.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"Rockstar Games Social Club" = Rockstar Games Social Club
"Spotify" = Spotify
"Steam App 102600" = Orcs Must Die!
"Steam App 201790" = Orcs Must Die! 2
"Steam App 24240" = PAYDAY: The Heist
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 91310" = Dead Island
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"TomTom HOME" = TomTom HOME 2.7.2.1825
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/09/2012 23:13:10 | Computer Name = 166005-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 08/06/2011 11:11:43 | Computer Name = 166005-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 01/09/2012 23:13:11 | Computer Name = 166005-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >



Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 02-09-2012 at 04:46:33
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 18:25] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 20:59] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 19:53] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-11 08:25] - [2009-04-11 08:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 16:08] - [2012-04-23 17:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
This is supposed to turn off the test mode.
Copy the next 2 lines:

bcdedit.exe /set nointegritychecks ON
bcdedit /set testsigning off

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter.

reboot

TDSSKiller found something and removed it even tho it wasn't quite happy.

Now let's try and remove what Combofix found:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************


AtJob::

DirLook::
C:\Program Files\Common
%user%\library
C:\$Recycle.Bin\S-1-5-18

File::
C:\windows\System32\Drivers\ab4ace225aba4d0.sys
c:\users\ADMINI~1\AppData\Local\Temp\005E3B4.tmp

Driver::
hsjxrndqv
ab4ace225aba4d0
X6va005

NetSvcs::
hsjxrndqv



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.
  • 0

#9
lil_jim

lil_jim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
1. Again when running Combofix I got the message saying

"Combofix is preparing to run. Access denied. Administrator privileges are needed to use the selected options. Use an administrator command prompt to complete these tasks. Attempting to create a new system restore point".

2. I seem to have turned off test mode of Windows successfully, but there still is a 20-30 second long blank blue screen when Windows boots up before my Wallpaper comes in, which was not present a few days ago. Is there any particular reason for this?


Here is the following log that you requested:

ComboFix 12-08-31.08 - Administrator 02/09/2012 9:52.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.10230.8249 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\ADMINI~1\AppData\Local\Temp\005E3B4.tmp"
"c:\windows\System32\Drivers\ab4ace225aba4d0.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\FFSJ
c:\users\Administrator\AppData\Roaming\FFSJ\FFSJ.cfg
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AB4ACE225ABA4D0
-------\Legacy_X6VA005
-------\Service_hsjxrndqv
-------\Service_X6va005
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 09:02 . 2012-09-02 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 09:02 . 2012-09-02 09:02 -------- d-----w- c:\users\166005\AppData\Local\temp
2012-09-02 02:34 . 2012-09-02 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-02 02:34 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 02:07 . 2012-09-02 02:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-01 21:51 . 2012-09-01 21:51 -------- d-----w- C:\_OTL
2012-08-30 10:37 . 2012-08-30 23:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-30 10:37 . 2012-08-30 10:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-30 07:43 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-30 07:43 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-30 07:43 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-30 07:43 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-30 07:43 . 2012-08-21 09:13 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-30 07:43 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-30 07:43 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-30 07:42 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-30 07:42 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-30 07:42 . 2012-08-30 07:42 -------- d-----w- c:\programdata\AVAST Software
2012-08-30 07:42 . 2012-08-30 07:42 -------- d-----w- c:\program files\AVAST Software
2012-08-30 07:26 . 2012-08-30 07:28 -------- d-----w- C:\c2a434b5512df75af25a19
2012-08-29 16:59 . 2012-08-29 16:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-29 16:58 . 2012-08-29 16:57 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-29 16:58 . 2012-08-29 16:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-29 16:56 . 2012-08-31 17:26 -------- d-----w- c:\program files (x86)\Citrix
2012-08-28 21:26 . 2012-08-28 21:26 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 13:29 . 2012-08-27 13:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\PDAppFlex
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\programdata\FLEXnet
2012-08-27 11:22 . 2012-08-27 11:22 -------- d-----w- c:\users\Administrator\AppData\Local\Autodesk
2012-08-26 22:55 . 2012-08-26 22:55 -------- d-----w- c:\program files (x86)\Autodesk
2012-08-26 22:53 . 2012-08-26 22:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-26 22:49 . 2012-08-26 22:56 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-08-26 22:49 . 2012-08-26 22:54 -------- d-----w- c:\program files\Autodesk
2012-08-26 22:37 . 2012-08-27 11:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Autodesk
2012-08-26 22:37 . 2012-08-27 11:24 -------- d-----w- c:\programdata\Autodesk
2012-08-26 22:33 . 2012-08-26 22:33 -------- d-----w- C:\Autodesk
2012-08-26 22:30 . 2012-08-27 12:30 -------- d-----w- c:\users\Administrator\.nuke
2012-08-26 22:30 . 2012-08-26 22:30 -------- d-----w- c:\users\Administrator\AppData\Local\cache
2012-08-26 22:28 . 2012-08-26 22:30 -------- d-----w- c:\program files\Nuke6.3v8
2012-08-26 22:28 . 2012-08-26 22:28 -------- d-----w- c:\program files\The Foundry
2012-08-26 22:25 . 2012-08-26 22:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-26 22:24 . 2012-08-26 22:25 -------- d-----w- c:\program files\Adobe
2012-08-26 22:19 . 2012-08-26 22:25 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-26 20:57 . 2012-08-26 20:57 -------- d-----w- c:\users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-08-26 20:57 . 2012-08-26 20:57 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-08-26 15:44 . 2012-08-29 21:55 -------- d-----w- c:\users\Administrator\AppData\Local\Akamai
2012-08-14 22:28 . 2012-06-28 04:10 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-14 22:28 . 2012-06-28 03:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-14 22:27 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 22:22 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 22:22 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-14 22:22 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 16:57 . 2010-05-28 16:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-23 08:26 . 2012-09-02 02:25 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72DDDC09-6340-4BD9-9994-FCFA9C2EC868}\mpengine.dll
2012-08-14 22:24 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-01 23:45 . 2012-03-30 03:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 23:45 . 2011-05-30 23:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 17:59 . 2012-07-11 13:00 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 13:00 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 13:00 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 13:00 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 13:00 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 13:00 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\$recycle.bin\S-1-5-18 ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-06 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-30 09:12]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 19:16]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3684563935-154265042-2527617396-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lr4s71y5.Home\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-98059560.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="k:\\Games\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"="k:\\Games\\Football Manager 2011"
"ScreenshotsDir"="k:\\Games\\Football Manager 2011"
"SaveDir"="k:\\Games\\Football Manager 2011\\"
"HistoryDir"="k:\\Games\\Football Manager 2011\\FM Genie Scout 11\\History Points"
"LangDB"="k:\\Games\\Football Manager 2011\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="k:\\Games\\Football Manager 2011\\games\\Man U 1st.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f5b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="A5-A2B0-EF5F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000005
"StaffSearchFeatureNum"=dword:00000003
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000006
"CompareFeatureNum"=dword:00000001
"ShortlistFeatureNum"=dword:00000002
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000009
"HintsFeatureNum"=dword:00000001
"GenieReportFeatureNum"=dword:00000004
"TopFormationFeatureNum"=dword:00000001
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
"VersionOf"=dword:0000007b
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Administrator\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Administrator\\Desktop\\Games\\Football Manager 2009\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"="k:\\Games\\Football Manager 2009\\Man Utd 2.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="A5-A2B0-EF5F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,11,
ee,69,9a,47,00,aa,33,d1,a9,28,90,14,1d
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,fe,
ac,56,94,b9,5f,a9,e5,47,e0,c8,4c,f4,11
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cb,
09,9e,be,ea,0c,b0,9e,bd,17,8d,68,fc,dd
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,dc,
ca,76,f2,32,0d,a9,7c,db,65,c0,83,c9,b7
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:a3,af,f0,dd,54,f9,cb,01
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,29,97,36,1f,74,8f,43,af,b9,0d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,29,97,36,1f,74,8f,43,af,b9,0d,\
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3684563935-154265042-2527617396-500\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C6B80683-42E1-44BB-AB00-01DE6B82A393}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.474.0"
"UniqueId"="000D7EC04B7BD45B"
"ScannerBuild"=dword:000017cd
"ScannerVersionId"=dword:00001214
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\SysWOW64\conime.exe
.
**************************************************************************
.
Completion time: 2012-09-02 10:14:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 09:14
ComboFix2.txt 2012-09-02 02:01
.
Pre-Run: 304,378,490,880 bytes free
Post-Run: 303,854,583,808 bytes free
.
- - End Of File - - 17104B519B8BA388AD7F7DCBA0603A44

#10
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

Reboot

Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner again

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

I'll be out for a while so won't get back to you until noon Pacific.


#11
lil_jim

    Member

  • Topic Starter
  • Member
  • 17 posts
Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 02-09-2012 at 16:58:45
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 18:25] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 20:59] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 19:53] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-11 08:25] - [2009-04-11 08:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 16:08] - [2012-04-23 17:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#12
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Right click on Computer and select manage (Continue) then Services and Applications then Services.

Find the Windows Update service and try to Start it. (click on it then in the upper left will be an option to Start the Service.) Do you get an Error? What does it say?

Find the Security Center service and try to Start it. Do you get an error? What does it say?

#13
lil_jim

    Member

  • Topic Starter
  • Member
  • 17 posts
The Windows Update service and the Security Center are both on Automatic (Delayed Start) and there is no option to start the services. Only Stop or Restart.


Just ran FSS again to confirm, and here is the log:

Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 02-09-2012 at 20:22:03
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 18:25] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 20:59] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 19:53] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-11 08:25] - [2009-04-11 08:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-11 08:23] - [2009-04-11 08:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 16:08] - [2012-04-23 17:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-11 08:25] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

Edited by lil_jim, 02 September 2012 - 01:22 PM.

  • 0
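The File Check section of that log is easier to triage by machine. The following Python is added here and is not part of the thread or of Farbar Service Scanner itself: it parses the section in the layout shown above and separates files FSS reported as "MD5 is legit" from those it printed a detail line for (the ones worth comparing against a known-clean copy). The excerpt is constructed from entries in the log above, and the reading of the detail-line fields (timestamps, size, attributes, signer, MD5) is an assumption from that layout.

```python
import re
from dataclasses import dataclass

# Constructed excerpt, copied from the thread's log, in the layout FSS prints for File Check.
FSS_EXCERPT = r"""File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 08:24] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 18:25] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
**** End of log ****
"""
LEGIT = "=> MD5 is legit"   # FSS appends this when the file matches its known-good MD5 list
# Otherwise FSS prints a detail line (assumed layout): [created] - [modified] - size attrs (signer) MD5
DETAIL_RE = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
                       r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")

@dataclass
class FileCheck:
    path: str
    verified: bool          # True when FSS matched the file's MD5
    size: int = 0
    company: str = ""
    md5: str = ""

def parse_file_check(log: str) -> list[FileCheck]:
    """Return every entry of the 'File Check:' section, in log order."""
    lines = [ln.strip() for ln in log.splitlines()]
    entries, i = [], (lines.index("File Check:") + 1 if "File Check:" in lines else len(lines))
    while i < len(lines) and not lines[i].startswith("****"):  # stop at "End of log"
        line = lines[i]
        i += 1
        if not line or set(line) == {"="}:        # blank line or "====" underline
            continue
        if line.endswith(LEGIT):
            entries.append(FileCheck(line[:-len(LEGIT)].strip(), True))
            continue
        entry = FileCheck(line, False)            # path of a file FSS could not match
        m = DETAIL_RE.match(lines[i]) if i < len(lines) else None
        if m:                                     # consume the detail line that follows
            entry.size, entry.company, entry.md5 = int(m["size"]), m["company"], m["md5"]
            i += 1
        entries.append(entry)
    return entries

def unverified(log: str) -> list[FileCheck]:
    # Entries without an MD5 match: the ones to compare against a known-clean copy.
    return [e for e in parse_file_check(log) if not e.verified]
```

On a full FSS log, `unverified()` gives the short list of system files to hash again after cleanup, rather than reading the whole section by eye.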

#14
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
That's good. Don't know why Farbar said they weren't running. Looks good now. Let's see if anything else is unhappy:


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#15
lil_jim

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/09/2012 21:11:05

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/09/2012 19:53:11
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/09/2012 21:11:42

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/09/2012 19:53:09
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0





