FBI Moneypak Virus has infected my computer...please help



#1
Dalancy

My computer is infected with the FBI Moneypak Virus or Malware. When I start my computer, as soon as Windows finishes loading, it goes to the black screen and then posts the FBI Moneypak warning and request for money, and I can only get out of it by shutting off the computer using the power switch. I can start the computer in Safe Mode, and that's what I'm using to post this. I ran The Killer, MBAM, and then RegClean Pro and it seemed to take care of it for a few days, but now it's back. Any help you can provide would be appreciated.

OTL logfile created on: 9/20/2012 1:17:36 AM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Dave\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 82.43% Memory free
5.99 Gb Paging File | 5.50 Gb Available in Paging File | 91.69% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 137.16 Gb Free Space | 30.43% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.02 Gb Free Space | 33.45% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 01:16:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - File not found [On_Demand | Stopped] -- -- (DellAMBrokerService)
SRV - [2012/09/07 17:26:14 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 11:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/19 02:53:45 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/27 01:07:58 | 004,060,752 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/06/13 16:13:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/05/06 05:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/06/11 10:25:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/14 14:25:22 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/12/14 14:25:20 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/12/14 14:25:12 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PTproct)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/18 13:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/18 12:42:24 | 001,227,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2010/05/05 18:36:12 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 18:36:04 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 18:35:56 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 18:35:48 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 18:31:40 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 18:31:24 | 000,528,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/05/05 18:31:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 18:27:08 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010/05/05 18:27:08 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 18:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010/05/05 18:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 18:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010/05/05 18:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/03/18 05:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 05:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 05:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 05:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/03/18 05:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2010/03/16 23:00:11 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/16 23:00:11 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2008/11/07 17:15:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/10/29 16:44:12 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2007/08/23 18:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\datunidr.sys -- (datunidr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?fr=yfp-t-403
IE - HKCU\..\SearchScopes,DefaultScope = {C13D584E-7EC8-447A-9AE6-30F9E81A2631}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C13D584E-7EC8-447A-9AE6-30F9E81A2631}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dave\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dave\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/25 17:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/16 20:37:16 | 000,000,000 | ---D | M]

[2010/06/13 14:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\Application Data\mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Dave\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120623111538.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" File not found
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [GoogleChrome] C:\Users\Dave\AppData\Local\Temp\appipu.exe ()
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [PowerSuite] "C:\Program Files\Uniblue\PowerSuite\launcher.exe" delay 20000 -m File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msni in Computer)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msni in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msn in Computer)
O15 - HKCU\..Trusted Domains: champions-online.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: digitalchocolate.com ([*.zlane] * in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn...k.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CED993FB-9B12-43DA-90A7-47D98F04AFC2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 01:16:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/09/16 18:58:14 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Dave\Desktop\TheKiller.exe
[2012/09/16 18:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/16 18:15:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 01:17:10 | 000,647,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/20 01:17:10 | 000,116,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/20 01:16:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/09/20 01:12:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/20 01:12:40 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 01:11:58 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2012/09/20 01:11:58 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2012/09/20 01:11:58 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2012/09/20 00:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773537772-299500091-2391472651-1000UA.job
[2012/09/20 00:58:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773537772-299500091-2391472651-1000Core.job
[2012/09/20 00:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/20 00:45:45 | 000,000,485 | ---- | M] () -- C:\Users\Dave\Desktop\Administrative Tools - Shortcut.lnk
[2012/09/19 22:11:15 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/09/19 15:01:10 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/09/16 21:32:17 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 21:32:17 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 19:11:21 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/16 18:58:14 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Dave\Desktop\TheKiller.exe
[2012/09/16 18:20:27 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 00:45:45 | 000,000,485 | ---- | C] () -- C:\Users\Dave\Desktop\Administrative Tools - Shortcut.lnk
[2012/09/16 19:11:21 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/16 18:20:27 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/07 20:14:07 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/12/10 23:23:09 | 000,002,216 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011/05/21 01:43:48 | 002,928,640 | ---- | C] () -- C:\Windows\System32\CrypticError.exe
[2011/03/07 20:12:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/10 20:47:06 | 000,000,092 | ---- | C] () -- C:\Users\Dave\AppData\Local\fusioncache.dat
[2010/05/12 00:06:51 | 004,629,082 | ---- | C] () -- C:\Users\Dave\ac_desktops.zip

========== ZeroAccess Check ==========

[2011/07/18 00:01:16 | 000,000,576 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\home-pc$@mcafee[1].txt
[2011/04/08 06:36:30 | 000,000,506 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:926B6E7A
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:6E5B212D
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:1A66EC5F
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:954B00C4
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:161B4B1D
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:68DA8CC0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8E308BBF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:098DBB8A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2556A8A0

< End of report >

OTL Extras logfile created on: 9/20/2012 1:17:36 AM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Dave\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 82.43% Memory free
5.99 Gb Paging File | 5.50 Gb Available in Paging File | 91.69% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 137.16 Gb Free Space | 30.43% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.02 Gb Free Space | 33.45% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD88B6A-9742-44BB-A4E1-5325D20A4E96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0FADDEE0-72F3-450F-A49F-94B39C598266}" = lport=445 | protocol=6 | dir=in | app=system |
"{3981505B-8838-4ACC-B79F-E3C9D24D7B38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42AE22F8-A131-4E89-9818-712D7D069FAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4667FB4C-BE9A-43F8-B5C4-C000AA9FAA9E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{50632076-4FEF-4E46-BE51-5D5C73023AB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50C54C4B-72CA-4BEF-AF3A-DB370819546C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F689167-F155-4BD3-BC0D-C63C35327538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66C6BC07-7BC7-42C1-98CC-F6541ED206D0}" = lport=65125 | protocol=6 | dir=in | name=akamai netsession interface |
"{6C296132-5113-43BB-ACD5-61A1F608E97F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C583E98-B1DB-424C-8987-767DA62955C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{819DABC7-B340-461C-ADC5-3914E4C7E8DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{85164E91-DF04-4A48-B93C-B1ED602BB382}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CC93871-7104-4266-9100-1A3147DD9B36}" = rport=139 | protocol=6 | dir=out | app=system |
"{9280907C-A021-40A4-93CA-B0038D8FFEB6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3D5A68B-F7EE-4D88-B333-E161BA73A205}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4266BAD-89B6-4C0C-85AC-8A0E52F2A770}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4928E6D-B829-4B45-995D-5AAF52A0638B}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB07EA14-F9E2-409E-8F24-A2BE9F6AFB2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF632B3F-6D5B-4835-9A05-4E945A70ED73}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFAB2ACC-BFCB-4894-8FFB-435B82333826}" = rport=138 | protocol=17 | dir=out | app=system |
"{DCADC4A7-83E0-4B03-9C01-5B64A4FDB6B9}" = lport=138 | protocol=17 | dir=in | app=system |
"{E0BFD495-ADDA-4F4F-9517-F84B7BC46A2E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E2A89691-D2A0-4EB1-8319-592B88C1E901}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE634AE0-AFC2-4046-BB7F-EB82957E2E57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3C23713-4AC3-485F-B9B0-BA05787CA956}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD2D1D39-2FDA-4D22-8F4D-675209335133}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DFCB6D-032D-4EFE-AAF8-6A694FA6F594}" = protocol=6 | dir=in | app=c:\program files\funcom\the secret world\clientpatcher.exe |
"{0A0BF1BE-E54A-4F7D-AD37-0B43DB4E8AC6}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{0AA19158-A740-42A2-BD48-3155F7115AEA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\run_game.bat |
"{0FFA2F9F-232A-4DEA-895F-8E50ACC7B683}" = protocol=17 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe |
"{11E08267-C8EE-4A64-B524-99FEDBBC8BAD}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{16902AD7-8C55-400D-BA3F-14E989B8A8F4}" = protocol=17 | dir=in | app=c:\program files\funcom\the secret world\clientpatcher.exe |
"{16C9E287-7C61-4575-A6A2-DE960DA68742}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{177C5A96-97F4-4EBC-8AF3-443A78E996B2}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{17B01CEC-E567-4CB8-8919-57D8D7D92838}" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"{1D18CA41-0330-4344-A002-8E344F4F49EB}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{26804B56-6781-4E01-BD77-043D8191242D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{278A5631-FB8D-4B27-9FF5-E04F960BD5F1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{2809821A-4AB2-4653-BFF0-3AD5C605A8EF}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{286C8CB3-33C0-476E-B046-20B746BE94D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{287A303A-3132-49B5-AC1B-4E99D0595E05}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{30105A21-53FC-4AEF-A9AE-81290D9BD0C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3154156B-0BEB-49E1-BC20-D55A96CE2488}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{322ED2DE-B225-4497-9954-A1CD0A1905A6}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{33D3C5B3-1C57-48A3-81CA-EF2B4A4F14EA}" = protocol=17 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{3517441C-69DC-4445-A293-1DB972376257}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{360283ED-CA24-4D4B-89F7-1092E0BFF57E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3ABDDCA4-27F7-4A2E-8F74-C975975CE1E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C5810DB-F6C4-4596-B7FE-ABFF220E540D}" = protocol=1 | dir=in | [email protected],-28543 |
"{3CF49F5E-6BB9-42C0-85E2-02A740AF3563}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{3D401E13-66DE-4945-910E-22FCE2C2193E}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{4310E855-AA3C-43D8-BDC8-401461593916}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{43576D09-2E63-4595-84FF-1AB6E470EC24}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{4489620D-F46A-4D48-978D-C4D64148D7A1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{488BA701-3B68-4912-8993-AE383F86E09B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{48C37BF2-250C-4F6E-B67F-F4C89547DDA1}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{4ACAA9FF-CEAF-4125-9AE6-502CE9D96CAD}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{4C30ABD7-6EF7-4CFD-A659-083AA0873312}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4E31CDC0-0608-4630-BDEC-F935D9675AF1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4F57DF63-BE8C-445E-A386-22418559B012}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{593BC28A-13F9-4D5C-B099-A6D6684CA0D0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{5B6003C1-D124-40C4-97FA-DA0D260759E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62D2B39D-E200-4EED-818D-16032782209C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{653343A8-21DA-416D-9B9E-02F45AB23432}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{668EFE44-B677-4F41-9C32-15353D0E27DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68572A85-ACE2-49AA-B774-B54517CAC226}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6A38FEEB-E8FE-40B6-9FB4-26B4101D660A}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{6BE82F47-C252-4AB6-B06F-36ED55DFC85B}" = protocol=6 | dir=out | app=system |
"{6E7BA66D-7709-4971-9D23-4533E9EAD714}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{7267A04D-FBE9-4440-B174-1BA41FD73177}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{72E77F96-8256-46EC-9911-8D5094B7265A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{7522C754-CF27-481A-9AA5-F01C8EF6377E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7B6FA4AA-A0EA-46A7-A8D1-F303C90F1627}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{7EB862A4-C09E-47EF-B3A4-F542535DDF7B}" = protocol=17 | dir=in | app=c:\program files\360share pro\jre\bin\javaw.exe |
"{7FB7CB0B-83AA-4BBC-97CF-7F3EC9A51AE4}" = protocol=6 | dir=in | app=c:\program files\360share pro\jre\bin\javaw.exe |
"{80AC110C-7F3E-4FA7-92F9-4A693C90BAA6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8465F80F-CE36-478A-9AD1-41D91D82D5D2}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{86E076A0-7E35-4A13-B927-FA51B0C325A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87AA0326-3451-4EB6-BD2E-1195BFA72C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{884213A1-FC69-4F54-9AAC-BAC77947EA42}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{88E57771-9479-4B9C-AD35-877649A56F12}" = protocol=6 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe |
"{89526AD7-3145-49AD-BB2C-8DBB898972EF}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{8C909A51-B9BE-4BB7-A95A-03D32FA514D2}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{96169C6C-39CA-4E98-8A53-421DE48A824C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{96A27900-F4E6-4495-9C86-245C6CD78887}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{96FD1C0C-B67E-48B3-B4C5-F61C7C7A9985}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{98BDC49A-D389-4B09-AE81-860A82D18DDB}" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"{992F46B6-612E-42F0-9A3C-2FF2C790920D}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{9DCD8E69-2ACB-4583-B316-F6AF898BF753}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{9DE96EC8-7681-4A4D-BA32-59BFCA7CDB20}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{A0BDED0B-258C-43E6-8EC1-7A85AE31EA7A}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{A1F11EF1-FF08-4529-8B82-E8483EC82485}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A90113E8-8D59-491B-AB57-677C2EBD8DEC}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{AAC3740A-4C45-47B4-81EC-E4171189FE5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB5708A4-879F-46DA-9633-9ADAEAFE0AD3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE9236F7-DD51-4130-8582-C06D48EE0CB5}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B020C7A9-2D5B-49A5-BCFD-0AC542958059}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{B427A92E-837F-4447-948C-BFEC8854F933}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{B65EFB46-7A2C-490B-A899-E093A5263290}" = protocol=17 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{B68706D5-524B-4A2B-ADE6-DDDCCCC7962F}" = protocol=6 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{B6C7BE78-54BF-4B89-80D5-83B69B5FEDC7}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B83C6755-B1A3-417C-9CC6-F8BB645CEF9F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\run_game.bat |
"{BC411FE8-C521-4F06-B974-7FD5A822E99D}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{BCDA93D5-F743-42D3-A862-A1049C4C6FBB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C090A438-0324-41DE-971E-7D88EA2B8A5B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4C22A52-4C1F-4E58-889B-9877A62FED10}" = protocol=1 | dir=out | [email protected],-28544 |
"{C4FBB289-11AB-41B9-BE56-48FA1D7E05BD}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{C59CC7C7-2E71-4635-B8F1-7E73A373186C}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{CFD8D6A6-C7F5-4E66-87D5-CCF9796B020B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D4275721-827C-4F24-AAD4-72C78E16793C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7B4AA8D-DF79-4AD6-8474-B1D4034D07E4}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{D90FF956-F1C9-4EC3-87A3-EAE0B976D695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA8BE7CA-6EEA-432E-81D8-8B8FD8BE00DB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DAA6A162-4DCC-4B66-99B2-F4FF3D7E1BDA}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{DAF1E9B5-835D-4B35-BE7F-9D9366CE6713}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DB85004F-943F-4222-9D68-99168A6496D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC465A94-8D84-4853-825B-8FE23400D219}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DCC7694C-B564-4F57-8AC4-5D3CAEDCAB04}" = protocol=58 | dir=out | [email protected],-28546 |
"{DF4B558E-935E-499F-A126-39AF7F134C0E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DF950D19-3B54-4712-B98E-9A35DFC7023C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E01675CB-C6B6-4EF7-AE07-A1C0C109EEE1}" = protocol=6 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{E05002A5-80BE-4085-BC60-B3C0B0D394E0}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{E142C01E-4E33-4144-A766-8393216A2CBD}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{E700DF05-7BE6-49B1-A552-85E5B6788C08}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{ED21E000-A463-49A7-9C5B-19CC1CC26359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEFCF647-CC9A-46A3-9E2C-4B327A8BE172}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F1661FC1-4855-422F-943A-C88AAF1796E5}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F24A7F90-0A40-4B59-9C4C-684D4DDEB00B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F63B1BD5-A327-496A-B7AE-C0C92AB7312B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{F7ADB349-68D4-4F50-BA0D-D1328BB5A124}" = protocol=58 | dir=in | [email protected],-28545 |
"{FA7807D2-100C-4D71-9B20-4F50552FE03A}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65B23C82-51A5-4ED9-ACE3-BB6029D5A733}" = Garmin City Navigator North America NT 2011.20 Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ - Mines of Moria™ - Live
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudibleManager" = AudibleManager
"AudioCS" = Creative Audio Control Panel
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Champions Online" = Champions Online
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Download Manager" = Download Manager 2.3.10
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"New Lego Star Wars: The Complete Saga: Prima Official eGuide" = New Lego Star Wars: The Complete Saga: Prima Official eGuide
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"PROSetDX" = Intel® PRO Network Connections 12.1.12.4
"RegClean Pro_is1" = RegClean Pro
"SP6" = Logitech SetPoint 6.15
"Star Trek Online" = Star Trek Online
"Steam App 65800" = Dungeon Defenders
"SystemRequirementsLab" = System Requirements Lab
"The Secret World_is1" = The Secret World
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2012 8:37:12 PM | Computer Name = Home-PC | Source = VSS | ID = 8194
Description =

Error - 9/16/2012 10:22:52 PM | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/16/2012 11:56:07 PM | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/17/2012 5:02:56 PM | Computer Name = Home-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1660 Start
Time: 01cd95116bf4e8b0 Termination Time: 62 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 9/17/2012 6:30:14 PM | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/18/2012 1:34:20 PM | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/19/2012 8:45:11 AM | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/20/2012 12:48:29 AM | Computer Name = Home-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 7c4 Start
Time: 01cd946c1a108143 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: 60497e27-02de-11e2-bbb0-001ec93b41cd

Error - 9/20/2012 12:49:24 AM | Computer Name = Home-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 11cc Start
Time: 01cd96eb2dd3aed0 Termination Time: 31 Application Path: C:\Windows\explorer.exe

Report
Id: 88b06a74-02de-11e2-bbb0-001ec93b41cd

Error - 9/20/2012 1:07:13 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/20/2012 1:14:34 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 10/28/2008 5:34:03 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/20/2012 1:16:01 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:01 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:01 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:01 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:01 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:01 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:03 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:03 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:16:03 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/20/2012 1:17:03 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Edited by Dalancy, 19 September 2012 - 11:43 PM.

  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter)
SRV - File not found [On_Demand | Stopped] -- -- (DellAMBrokerService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PTproct)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKCU..\Run: [GoogleChrome] C:\Users\Dave\AppData\Local\Temp\appipu.exe ()
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" File not found
[2012/09/19 22:11:15 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/09/19 15:01:10 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:926B6E7A
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:6E5B212D
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:1A66EC5F
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:954B00C4
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:161B4B1D
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:68DA8CC0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8E308BBF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:098DBB8A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2556A8A0


:files
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Dave\AppData\Local\Temp\*.exe


:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09182012-some number.log.



Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start the scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post it in your next reply
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#3
Dalancy


    New Member

  • Topic Starter
  • Member
  • 8 posts
Here is the log file from the OTL Fix. I have to get up in a few hours for work, so I won't be able to complete the remaining actions until after work today (I get off at 6:00PM EDT). I'll download and run the remaining items as soon as I get home and post the results in my next reply. Thank you very much for the quick response. The computer booted up normally after the fix, but I'll still follow your remaining instructions as soon as I can.

========== OTL ==========
Service sprtsvc_dellsupportcenter stopped successfully!
Service sprtsvc_dellsupportcenter deleted successfully!
Service DellAMBrokerService stopped successfully!
Service DellAMBrokerService deleted successfully!
Service PTproct stopped successfully!
Service PTproct deleted successfully!
Service PCDSRVC{E9D79540-57D5953E-06020101}_0 stopped successfully!
Service PCDSRVC{E9D79540-57D5953E-06020101}_0 deleted successfully!
File c:\program files\dell support center\pcdsrvc.pkms not found.
Service MCSTRM stopped successfully!
Service MCSTRM deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChrome deleted successfully.
C:\Users\Dave\AppData\Local\Temp\appipu.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Turbine Download Manager Tray Icon deleted successfully.
C:\Windows\Tasks\RegClean Pro_UPDATES.job moved successfully.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job moved successfully.
ADS C:\ProgramData\TEMP:926B6E7A deleted successfully.
ADS C:\ProgramData\TEMP:6E5B212D deleted successfully.
ADS C:\ProgramData\TEMP:1A66EC5F deleted successfully.
ADS C:\ProgramData\TEMP:954B00C4 deleted successfully.
ADS C:\ProgramData\TEMP:161B4B1D deleted successfully.
ADS C:\ProgramData\TEMP:68DA8CC0 deleted successfully.
ADS C:\ProgramData\TEMP:8E308BBF deleted successfully.
ADS C:\ProgramData\TEMP:098DBB8A deleted successfully.
ADS C:\ProgramData\TEMP:2556A8A0 deleted successfully.
========== FILES ==========
< at /c >
The service has not been started.
C:\Users\Dave\Desktop\cmd.bat deleted successfully.
C:\Users\Dave\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Users\Dave\AppData\Local\Temp\GoogleUpdateSetup.exe86d683 moved successfully.
========== REGISTRY ==========
Unable to set value : HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E!
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Dave
->Flash cache emptied: 63180 bytes

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56502 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Dave
->Java cache emptied: 186981 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.64.0 log created on 09202012_020346

Edited by Dalancy, 20 September 2012 - 12:17 AM.

  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
OK. No hurry. The OTL fix took out the immediate problem:

O4 - HKCU..\Run: [GoogleChrome] C:\Users\Dave\AppData\Local\Temp\appipu.exe ()


but since you say it keeps coming back there may be a hidden component which the other scans may turn up.

Ron
  • 0
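
The entry Ron singles out in post #4 (a Run value named after a trusted product, launching an executable from Temp that carries no company name) is a pattern that can be triaged mechanically from OTL's O4 lines. The following is an added example, not part of the thread and not OTL's own logic; it assumes the trailing parentheses on an O4 line hold the file's company name, the names `parse_o4`, `assess` and `triage` are hypothetical, and the third sample line is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# First two lines are the O4 entries quoted in this thread; the third is a
# constructed example of a normal vendor entry for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [GoogleChrome] C:\Users\Dave\AppData\Local\Temp\appipu.exe ()
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
"""

# "O4 - <hive>..\<key>: [<value name>] <target and trailer>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# Trailer assumed to be " (<company name>)"; the non-greedy target keeps
# paths such as "C:\Program Files (x86)\..." intact.
TRAILER_RE = re.compile(r"^(?P<target>.*?) \((?P<company>[^()]*)\)$")
NOT_FOUND = " File not found"
# Any path component named Temp (user or system temp directories).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    target: str
    company: Optional[str]  # None when the line carries no company trailer
    missing: bool           # True when OTL reported "File not found"


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one OTL O4 autorun line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    company = None
    missing = rest.endswith(NOT_FOUND)
    if missing:
        target = rest[: -len(NOT_FOUND)]
    else:
        t = TRAILER_RE.match(rest)
        if t:
            target, company = t["target"], t["company"].strip()
        else:
            target = rest
    return Autorun(m["hive"], m["key"], m["name"],
                   target.strip().strip('"'), company, missing)


def assess(entry: Autorun) -> List[str]:
    """Return the reasons an autorun entry deserves a closer look."""
    if entry.missing:
        # Leftover from an uninstalled program: harmless, but worth cleaning.
        return ["target file not found (orphaned entry)"]
    reasons = []
    if TEMP_RE.search(entry.target):
        reasons.append("executable runs from a temp directory")
    if entry.company == "":
        reasons.append("file carries no company name")
    return reasons


def triage(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Collect every O4 entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] -> {entry.target}")
        for reason in reasons:
            print(f"    - {reason}")
```

An entry that trips both the temp-directory and the empty-company checks, as the GoogleChrome value does here, is the one to prioritise; orphaned entries are listed separately because they are clutter rather than persistence.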

#5
Dalancy


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Again, thank you so much for your help with this.

Continuing the program results logs:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-20 18:26:17
-----------------------------
18:26:17.401 OS Version: Windows 6.1.7601 Service Pack 1
18:26:17.401 Number of processors: 4 586 0x1707
18:26:17.401 ComputerName: HOME-PC UserName: Dave
18:26:27.931 Initialize success
18:26:36.215 AVAST engine defs: 12092001
18:26:46.230 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
18:26:46.230 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
18:26:46.355 Disk 0 MBR read successfully
18:26:46.355 Disk 0 MBR scan
18:26:46.355 Disk 0 Windows 7 default MBR code
18:26:46.355 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
18:26:46.370 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
18:26:46.386 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
18:26:46.386 Disk 0 scanning sectors +976771072
18:26:46.448 Disk 0 scanning C:\Windows\system32\drivers
18:27:12.828 Service scanning
18:27:40.393 Modules scanning
18:27:48.115 AVAST engine scan C:\Windows
18:27:51.391 AVAST engine scan C:\Windows\system32
18:31:26.734 AVAST engine scan C:\Windows\system32\drivers
18:31:44.128 AVAST engine scan C:\Users\Dave
18:52:11.134 AVAST engine scan C:\ProgramData
19:16:36.340 Scan finished successfully
19:39:44.103 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
19:39:44.118 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"

******************************************************************************

ComboFix 12-09-20.02 - Dave 09/20/2012 19:50:16.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2091 [GMT -4:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dave\AppData\Roaming\.#
c:\users\Dave\AppData\Roaming\4B17EB
c:\users\Dave\AppData\Roaming\ntos.exe
c:\users\Dave\Application Data\64dlls.exe
c:\users\Dave\Application Data\intel64.exe
c:\users\Dave\Application Data\Kernel32.exe
c:\users\Dave\Application Data\localsys64.exe
c:\users\Dave\Application Data\ntos.exe
c:\users\Dave\Application Data\oembios.exe
c:\users\Dave\Application Data\sdra64.exe
c:\users\Dave\Application Data\sdra73.exe
c:\users\Dave\Application Data\swin32.exe
c:\users\Dave\Application Data\twex.exe
c:\users\Dave\Application Data\twext.exe
c:\users\Dave\Application Data\wsnpoema.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 00:05 . 2012-09-21 00:05 -------- d-----w- c:\users\Dave\AppData\Local\temp
2012-09-20 06:25 . 2012-09-20 06:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-20 06:03 . 2012-09-20 06:03 -------- d-----w- C:\_OTL
2012-09-16 22:20 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 22:19 . 2012-09-16 22:20 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-12 02:07 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 02:07 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 02:07 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 02:07 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 02:06 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 02:06 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-25 21:29 . 2012-08-25 21:29 -------- d-----w- c:\users\Dave\AppData\Roaming\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 06:24 . 2012-07-01 12:39 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-20 06:24 . 2011-10-30 16:55 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:26 . 2012-04-04 04:04 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 21:26 . 2011-05-13 22:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 17:01 . 2009-09-19 14:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-18 17:47 . 2012-08-14 18:30 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 01:44 . 2012-07-10 01:44 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42 . 2012-07-09 17:42 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-04 21:14 . 2012-08-14 18:30 102912 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-14 18:30 41984 ----a-w- c:\windows\system32\browcli.dll
2012-06-29 00:16 . 2012-08-18 05:10 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-18 05:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-18 05:10 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-18 05:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-18 05:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-10-29 128296]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
*Deregistered* - MPFP
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:26]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773537772-299500091-2391472651-1000Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-21 16:02]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3773537772-299500091-2391472651-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-21 16:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/?fr=yfp-t-403
uInternet Settings,ProxyOverride = *.local
Trusted Zone: champions-online.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: digitalchocolate.com\*.zlane
Trusted Zone: facebook.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PowerSuite - c:\program files\Uniblue\PowerSuite\launcher.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,a3,b5,ae,98,14,89,c9,e3,f7,0e,c1,04,94,46,d5,2d,c0,66,e6,06,
82,75,5c,c1,8c,b6,88,58,88,23,68,e8,16,cc,40,87,ab,21,4e,40,7b,64,f7,2c,48,\
"rkeysecu"=hex:4b,e3,af,41,9a,99,ed,ad,24,c8,37,88,a6,4b,cd,a5
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm]
@DACL=(02 0000)
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,11,00,00,00,14,00,00,00
"cFilterTags"=dword:00000000
"cFormatTags"=dword:00000002
"fdwSupport"=dword:00000001
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
@DACL=(02 0000)
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,55,00,00,00,1e,00,00,00
"cFilterTags"=dword:00000000
"cFormatTags"=dword:00000002
"fdwSupport"=dword:00000001
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm]
@DACL=(02 0000)
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,02,00,00,00,32,00,00,00
"cFilterTags"=dword:00000000
"cFormatTags"=dword:00000002
"fdwSupport"=dword:00000001
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711]
@DACL=(02 0000)
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,06,00,00,00,12,00,00,00,07,00,00,
00,12,00,00,00
"cFilterTags"=dword:00000000
"cFormatTags"=dword:00000003
"fdwSupport"=dword:00000001
.
[HKEY_USERS\S-1-5-21-3773537772-299500091-2391472651-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610]
@DACL=(02 0000)
"aFormatTagCache"=hex:01,00,00,00,10,00,00,00,31,00,00,00,14,00,00,00
"cFilterTags"=dword:00000000
"cFormatTags"=dword:00000002
"fdwSupport"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-20 20:08:51
ComboFix-quarantined-files.txt 2012-09-21 00:08
.
Pre-Run: 152,491,208,704 bytes free
Post-Run: 153,143,062,528 bytes free
.
- - End Of File - - 0893C8FC94F110786F27E43F8AFDF2EC

******************************************************************************

20:16:18.0041 3828 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:16:20.0053 3828 ============================================================
20:16:20.0053 3828 Current date / time: 2012/09/20 20:16:20.0053
20:16:20.0053 3828 SystemInfo:
20:16:20.0053 3828
20:16:20.0053 3828 OS Version: 6.1.7601 ServicePack: 1.0
20:16:20.0053 3828 Product type: Workstation
20:16:20.0053 3828 ComputerName: HOME-PC
20:16:20.0053 3828 UserName: Dave
20:16:20.0053 3828 Windows directory: C:\Windows
20:16:20.0053 3828 System windows directory: C:\Windows
20:16:20.0053 3828 Processor architecture: Intel x86
20:16:20.0053 3828 Number of processors: 4
20:16:20.0053 3828 Page size: 0x1000
20:16:20.0053 3828 Boot type: Normal boot
20:16:20.0053 3828 ============================================================
20:16:20.0521 3828 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:16:20.0568 3828 ============================================================
20:16:20.0568 3828 \Device\Harddisk0\DR0:
20:16:20.0568 3828 MBR partitions:
20:16:20.0568 3828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
20:16:20.0568 3828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
20:16:20.0568 3828 ============================================================
20:16:20.0599 3828 C: <-> \Device\Harddisk0\DR0\Partition2
20:16:20.0631 3828 D: <-> \Device\Harddisk0\DR0\Partition1
20:16:20.0631 3828 ============================================================
20:16:20.0631 3828 Initialize success
20:16:20.0631 3828 ============================================================
20:16:24.0858 2924 ============================================================
20:16:24.0858 2924 Scan started
20:16:24.0858 2924 Mode: Manual;
20:16:24.0858 2924 ============================================================
20:16:25.0279 2924 ================ Scan system memory ========================
20:16:25.0279 2924 System memory - ok
20:16:25.0279 2924 ================ Scan services =============================
20:16:25.0467 2924 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:16:25.0467 2924 1394ohci - ok
20:16:25.0513 2924 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:16:25.0513 2924 ACPI - ok
20:16:25.0545 2924 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:16:25.0545 2924 AcpiPmi - ok
20:16:25.0669 2924 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:16:25.0669 2924 AdobeARMservice - ok
20:16:25.0747 2924 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:16:25.0747 2924 AdobeFlashPlayerUpdateSvc - ok
20:16:25.0794 2924 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:16:25.0794 2924 adp94xx - ok
20:16:25.0810 2924 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:16:25.0810 2924 adpahci - ok
20:16:25.0825 2924 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:16:25.0841 2924 adpu320 - ok
20:16:25.0872 2924 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:16:25.0872 2924 AeLookupSvc - ok
20:16:25.0903 2924 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:16:25.0919 2924 AFD - ok
20:16:25.0950 2924 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:16:25.0950 2924 agp440 - ok
20:16:25.0981 2924 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:16:25.0997 2924 aic78xx - ok
20:16:25.0997 2924 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:16:25.0997 2924 ALG - ok
20:16:26.0044 2924 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:16:26.0044 2924 aliide - ok
20:16:26.0059 2924 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:16:26.0059 2924 amdagp - ok
20:16:26.0075 2924 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:16:26.0075 2924 amdide - ok
20:16:26.0075 2924 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:16:26.0075 2924 AmdK8 - ok
20:16:26.0091 2924 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:16:26.0091 2924 AmdPPM - ok
20:16:26.0106 2924 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:16:26.0122 2924 amdsata - ok
20:16:26.0122 2924 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:16:26.0122 2924 amdsbs - ok
20:16:26.0137 2924 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:16:26.0215 2924 amdxata - ok
20:16:26.0262 2924 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:16:26.0340 2924 AppID - ok
20:16:26.0387 2924 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:16:26.0387 2924 AppIDSvc - ok
20:16:26.0418 2924 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:16:26.0418 2924 Appinfo - ok
20:16:26.0481 2924 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:16:26.0481 2924 Apple Mobile Device - ok
20:16:26.0512 2924 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:16:26.0512 2924 arc - ok
20:16:26.0527 2924 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:16:26.0527 2924 arcsas - ok
20:16:26.0605 2924 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:16:26.0605 2924 aspnet_state - ok
20:16:26.0621 2924 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:16:26.0621 2924 AsyncMac - ok
20:16:26.0652 2924 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:16:26.0652 2924 atapi - ok
20:16:26.0699 2924 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
20:16:26.0730 2924 atksgt - ok
20:16:26.0793 2924 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:16:26.0793 2924 AudioEndpointBuilder - ok
20:16:26.0808 2924 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:16:26.0808 2924 Audiosrv - ok
20:16:26.0871 2924 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:16:26.0871 2924 AxInstSV - ok
20:16:26.0886 2924 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:16:26.0886 2924 b06bdrv - ok
20:16:26.0917 2924 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:16:26.0917 2924 b57nd60x - ok
20:16:26.0949 2924 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:16:26.0949 2924 BDESVC - ok
20:16:26.0964 2924 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:16:26.0964 2924 Beep - ok
20:16:27.0011 2924 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:16:27.0027 2924 BFE - ok
20:16:27.0073 2924 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
20:16:27.0089 2924 BITS - ok
20:16:27.0089 2924 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:16:27.0105 2924 blbdrive - ok
20:16:27.0136 2924 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:16:27.0136 2924 Bonjour Service - ok
20:16:27.0183 2924 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:16:27.0183 2924 bowser - ok
20:16:27.0198 2924 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:16:27.0198 2924 BrFiltLo - ok
20:16:27.0214 2924 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:16:27.0214 2924 BrFiltUp - ok
20:16:27.0245 2924 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:16:27.0245 2924 BridgeMP - ok
20:16:27.0292 2924 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:16:27.0292 2924 Browser - ok
20:16:27.0307 2924 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:16:27.0307 2924 Brserid - ok
20:16:27.0323 2924 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:16:27.0323 2924 BrSerWdm - ok
20:16:27.0339 2924 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:16:27.0339 2924 BrUsbMdm - ok
20:16:27.0339 2924 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:16:27.0339 2924 BrUsbSer - ok
20:16:27.0354 2924 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:16:27.0354 2924 BTHMODEM - ok
20:16:27.0370 2924 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:16:27.0385 2924 bthserv - ok
20:16:27.0401 2924 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
20:16:27.0448 2924 BVRPMPR5 - ok
20:16:27.0588 2924 catchme - ok
20:16:27.0604 2924 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:16:27.0604 2924 cdfs - ok
20:16:27.0635 2924 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:16:27.0682 2924 cdrom - ok
20:16:27.0713 2924 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:16:27.0713 2924 CertPropSvc - ok
20:16:27.0729 2924 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\Windows\system32\drivers\cfwids.sys
20:16:27.0744 2924 cfwids - ok
20:16:27.0744 2924 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:16:27.0744 2924 circlass - ok
20:16:27.0775 2924 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:16:27.0775 2924 CLFS - ok
20:16:27.0822 2924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:16:27.0822 2924 clr_optimization_v2.0.50727_32 - ok
20:16:27.0869 2924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:16:27.0869 2924 clr_optimization_v4.0.30319_32 - ok
20:16:27.0885 2924 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:16:27.0885 2924 CmBatt - ok
20:16:27.0916 2924 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:16:27.0916 2924 cmdide - ok
20:16:27.0963 2924 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
20:16:27.0963 2924 CNG - ok
20:16:27.0978 2924 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:16:27.0978 2924 Compbatt - ok
20:16:28.0009 2924 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:16:28.0009 2924 CompositeBus - ok
20:16:28.0009 2924 COMSysApp - ok
20:16:28.0056 2924 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:16:28.0056 2924 crcdisk - ok
20:16:28.0072 2924 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
20:16:28.0072 2924 Creative ALchemy AL6 Licensing Service - ok
20:16:28.0103 2924 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:16:28.0134 2924 CryptSvc - ok
20:16:28.0165 2924 [ 92EF3400636BD8E9CA6144B089A943F0 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
20:16:28.0212 2924 CT20XUT - ok
20:16:28.0228 2924 [ 92EF3400636BD8E9CA6144B089A943F0 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
20:16:28.0290 2924 CT20XUT.SYS - ok
20:16:28.0321 2924 [ 20F2E80701FDD71EDD8EAE474DB72BCC ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
20:16:28.0368 2924 ctac32k - ok
20:16:28.0384 2924 [ 6DBE16DDF1EE79691443A0491308DD17 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
20:16:28.0462 2924 ctaud2k - ok
20:16:28.0493 2924 [ 68ADFC2BF18CBDD7ACEE0EEEEB242D1E ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
20:16:28.0540 2924 CTEXFIFX - ok
20:16:28.0555 2924 [ 68ADFC2BF18CBDD7ACEE0EEEEB242D1E ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
20:16:28.0555 2924 CTEXFIFX.SYS - ok
20:16:28.0555 2924 [ 522F2A3DC88C8CA0C19A7D4BFDA38512 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
20:16:28.0618 2924 CTHWIUT - ok
20:16:28.0618 2924 [ 522F2A3DC88C8CA0C19A7D4BFDA38512 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
20:16:28.0680 2924 CTHWIUT.SYS - ok
20:16:28.0680 2924 [ 8895F03FF0F72D46F34212D0C545F17B ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
20:16:28.0680 2924 ctprxy2k - ok
20:16:28.0696 2924 [ 17F772D7D1803956CA4C978634ACB977 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
20:16:28.0743 2924 ctsfm2k - ok
20:16:28.0774 2924 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] datunidr C:\Windows\system32\DRIVERS\datunidr.sys
20:16:28.0774 2924 datunidr - ok
20:16:28.0852 2924 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
20:16:28.0852 2924 DAUpdaterSvc - ok
20:16:28.0899 2924 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:16:28.0899 2924 DcomLaunch - ok
20:16:28.0930 2924 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:16:28.0930 2924 defragsvc - ok
20:16:28.0961 2924 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:16:28.0977 2924 DfsC - ok
20:16:29.0008 2924 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:16:29.0023 2924 Dhcp - ok
20:16:29.0055 2924 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:16:29.0055 2924 discache - ok
20:16:29.0070 2924 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:16:29.0070 2924 Disk - ok
20:16:29.0070 2924 dlcc_device - ok
20:16:29.0117 2924 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:16:29.0117 2924 Dnscache - ok
20:16:29.0164 2924 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:16:29.0195 2924 dot3svc - ok
20:16:29.0226 2924 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:16:29.0257 2924 DPS - ok
20:16:29.0289 2924 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:16:29.0304 2924 drmkaud - ok
20:16:29.0335 2924 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:16:29.0351 2924 DXGKrnl - ok
20:16:29.0398 2924 [ 0535BFBEDB9378DDD15BDF9957D57D71 ] e1express C:\Windows\system32\DRIVERS\e1e6232.sys
20:16:29.0398 2924 e1express - ok
20:16:29.0429 2924 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:16:29.0429 2924 EapHost - ok
20:16:29.0491 2924 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:16:29.0554 2924 ebdrv - ok
20:16:29.0585 2924 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:16:29.0632 2924 EFS - ok
20:16:29.0694 2924 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:16:29.0694 2924 ehRecvr - ok
20:16:29.0741 2924 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:16:29.0741 2924 ehSched - ok
20:16:29.0757 2924 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:16:29.0757 2924 elxstor - ok
20:16:29.0788 2924 [ CE9BB4EABCD82293662C54713EDCAD1E ] emupia C:\Windows\system32\drivers\emupia2k.sys
20:16:29.0819 2924 emupia - ok
20:16:29.0850 2924 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:16:29.0866 2924 ErrDev - ok
20:16:29.0881 2924 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:16:29.0881 2924 EventSystem - ok
20:16:29.0897 2924 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:16:29.0897 2924 exfat - ok
20:16:29.0913 2924 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:16:29.0928 2924 fastfat - ok
20:16:29.0959 2924 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:16:29.0975 2924 Fax - ok
20:16:29.0991 2924 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:16:29.0991 2924 fdc - ok
20:16:30.0022 2924 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:16:30.0022 2924 fdPHost - ok
20:16:30.0037 2924 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:16:30.0037 2924 FDResPub - ok
20:16:30.0053 2924 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:16:30.0053 2924 FileInfo - ok
20:16:30.0053 2924 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:16:30.0053 2924 Filetrace - ok
20:16:30.0115 2924 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:16:30.0131 2924 FLEXnet Licensing Service - ok
20:16:30.0147 2924 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:16:30.0147 2924 flpydisk - ok
20:16:30.0162 2924 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:16:30.0162 2924 FltMgr - ok
20:16:30.0209 2924 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
20:16:30.0256 2924 FontCache - ok
20:16:30.0334 2924 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:16:30.0334 2924 FontCache3.0.0.0 - ok
20:16:30.0334 2924 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:16:30.0349 2924 FsDepends - ok
20:16:30.0365 2924 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:16:30.0443 2924 fssfltr - ok
20:16:30.0521 2924 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:16:30.0568 2924 fsssvc - ok
20:16:30.0599 2924 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:16:30.0599 2924 Fs_Rec - ok
20:16:30.0646 2924 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:16:30.0646 2924 fvevol - ok
20:16:30.0646 2924 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:16:30.0646 2924 gagp30kx - ok
20:16:30.0693 2924 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:16:30.0724 2924 GEARAspiWDM - ok
20:16:30.0771 2924 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:16:30.0802 2924 gpsvc - ok
20:16:30.0864 2924 [ DC7047D12446D0059EA8A4D8B645FA5A ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
20:16:30.0895 2924 ha20x22k - ok
20:16:30.0927 2924 [ F70DDCCC0B45CF9E08CA91B187526F43 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
20:16:30.0973 2924 ha20x2k - ok
20:16:30.0989 2924 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:16:30.0989 2924 hcw85cir - ok
20:16:31.0036 2924 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:16:31.0254 2924 HdAudAddService - ok
20:16:31.0254 2924 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:16:31.0254 2924 HDAudBus - ok
20:16:31.0285 2924 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:16:31.0285 2924 HidBatt - ok
20:16:31.0301 2924 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:16:31.0301 2924 HidBth - ok
20:16:31.0317 2924 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:16:31.0317 2924 HidIr - ok
20:16:31.0363 2924 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
20:16:31.0363 2924 hidserv - ok
20:16:31.0395 2924 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:16:31.0473 2924 HidUsb - ok
20:16:31.0504 2924 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:16:31.0504 2924 hkmsvc - ok
20:16:31.0551 2924 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:16:31.0551 2924 HomeGroupListener - ok
20:16:31.0582 2924 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:16:31.0597 2924 HomeGroupProvider - ok
20:16:31.0629 2924 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:16:31.0629 2924 HpSAMD - ok
20:16:31.0675 2924 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:16:31.0722 2924 HTTP - ok
20:16:31.0753 2924 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:16:31.0753 2924 hwpolicy - ok
20:16:31.0785 2924 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:16:31.0785 2924 i8042prt - ok
20:16:31.0831 2924 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
20:16:31.0847 2924 IAANTMON - ok
20:16:31.0878 2924 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:16:31.0894 2924 iaStor - ok
20:16:31.0925 2924 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:16:32.0003 2924 iaStorV - ok
20:16:32.0081 2924 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:16:32.0081 2924 IDriverT - ok
20:16:32.0143 2924 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:16:32.0190 2924 idsvc - ok
20:16:32.0206 2924 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:16:32.0206 2924 iirsp - ok
20:16:32.0237 2924 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:16:32.0268 2924 IKEEXT - ok
20:16:32.0284 2924 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:16:32.0284 2924 intelide - ok
20:16:32.0299 2924 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:16:32.0299 2924 intelppm - ok
20:16:32.0346 2924 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:16:32.0346 2924 IPBusEnum - ok
20:16:32.0362 2924 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:16:32.0362 2924 IpFilterDriver - ok
20:16:32.0409 2924 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:16:32.0424 2924 iphlpsvc - ok
20:16:32.0440 2924 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:16:32.0487 2924 IPMIDRV - ok
20:16:32.0502 2924 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:16:32.0502 2924 IPNAT - ok
20:16:32.0549 2924 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:16:32.0611 2924 iPod Service - ok
20:16:32.0611 2924 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:16:32.0611 2924 IRENUM - ok
20:16:32.0658 2924 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:16:32.0658 2924 isapnp - ok
20:16:32.0689 2924 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:16:32.0689 2924 iScsiPrt - ok
20:16:32.0705 2924 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:16:32.0705 2924 kbdclass - ok
20:16:32.0736 2924 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:16:32.0736 2924 kbdhid - ok
20:16:32.0752 2924 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:16:32.0799 2924 KeyIso - ok
20:16:32.0830 2924 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:16:32.0830 2924 KSecDD - ok
20:16:32.0861 2924 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:16:32.0877 2924 KSecPkg - ok
20:16:32.0908 2924 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:16:32.0923 2924 KtmRm - ok
20:16:32.0939 2924 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
20:16:32.0970 2924 LanmanServer - ok
20:16:33.0001 2924 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:16:33.0017 2924 LanmanWorkstation - ok
20:16:33.0095 2924 [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:16:33.0111 2924 LBTServ - ok
20:16:33.0142 2924 [ ED8F9311CAE12C41A58DAE2EA6D6C849 ] LEqdUsb C:\Windows\system32\Drivers\LEqdUsb.Sys
20:16:33.0142 2924 LEqdUsb - ok
20:16:33.0189 2924 [ 9943F10C60EAF714C7010B37025A5AC5 ] LHidEqd C:\Windows\system32\Drivers\LHidEqd.Sys
20:16:33.0220 2924 LHidEqd - ok
20:16:33.0251 2924 [ B68309F25C5787385DA842EB5B496958 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:16:33.0298 2924 LHidFilt - ok
20:16:33.0298 2924 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:16:33.0345 2924 lirsgt - ok
20:16:33.0376 2924 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:16:33.0376 2924 lltdio - ok
20:16:33.0423 2924 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:16:33.0423 2924 lltdsvc - ok
20:16:33.0438 2924 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:16:33.0438 2924 lmhosts - ok
20:16:33.0438 2924 [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:16:33.0438 2924 LMouFilt - ok
20:16:33.0454 2924 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:16:33.0454 2924 LSI_FC - ok
20:16:33.0469 2924 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:16:33.0469 2924 LSI_SAS - ok
20:16:33.0485 2924 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:16:33.0485 2924 LSI_SAS2 - ok
20:16:33.0501 2924 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:16:33.0501 2924 LSI_SCSI - ok
20:16:33.0516 2924 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:16:33.0516 2924 luafv - ok
20:16:33.0547 2924 [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
20:16:33.0547 2924 LUsbFilt - ok
20:16:33.0641 2924 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:16:33.0641 2924 McAfee SiteAdvisor Service - ok
20:16:33.0657 2924 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:16:33.0657 2924 McMPFSvc - ok
20:16:33.0657 2924 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:16:33.0657 2924 mcmscsvc - ok
20:16:33.0657 2924 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:16:33.0657 2924 McNaiAnn - ok
20:16:33.0672 2924 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:16:33.0672 2924 McNASvc - ok
20:16:33.0735 2924 [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
20:16:33.0735 2924 McODS - ok
20:16:33.0750 2924 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:16:33.0750 2924 McProxy - ok
20:16:33.0797 2924 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:16:33.0797 2924 McShield - ok
20:16:33.0828 2924 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:16:33.0859 2924 Mcx2Svc - ok
20:16:33.0875 2924 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:16:33.0875 2924 megasas - ok
20:16:33.0891 2924 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:16:33.0906 2924 MegaSR - ok
20:16:33.0937 2924 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
20:16:33.0937 2924 mfeapfk - ok
20:16:33.0969 2924 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
20:16:34.0015 2924 mfeavfk - ok
20:16:34.0015 2924 mfeavfk01 - ok
20:16:34.0047 2924 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
20:16:34.0093 2924 mfebopk - ok
20:16:34.0125 2924 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:16:34.0125 2924 mfefire - ok
20:16:34.0156 2924 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
20:16:34.0203 2924 mfefirek - ok
20:16:34.0218 2924 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
20:16:34.0218 2924 mfehidk - ok
20:16:34.0249 2924 [ AC04A618AEF3DE0FCE91C766F9E069DA ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
20:16:34.0249 2924 mfenlfk - ok
20:16:34.0296 2924 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
20:16:34.0343 2924 mferkdet - ok
20:16:34.0390 2924 [ B10C4EFD40810C08F4B44DF2EFCB54F7 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
20:16:34.0437 2924 mfevtp - ok
20:16:34.0452 2924 [ F284337AEDB7483DF8A5FA840647E2B0 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
20:16:34.0452 2924 mfewfpk - ok
20:16:34.0499 2924 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:16:34.0499 2924 MMCSS - ok
20:16:34.0515 2924 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:16:34.0515 2924 Modem - ok
20:16:34.0546 2924 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:16:34.0546 2924 monitor - ok
20:16:34.0593 2924 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:16:34.0593 2924 mouclass - ok
20:16:34.0593 2924 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:16:34.0593 2924 mouhid - ok
20:16:34.0639 2924 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:16:34.0639 2924 mountmgr - ok
20:16:34.0655 2924 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:16:34.0655 2924 mpio - ok
20:16:34.0671 2924 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:16:34.0671 2924 mpsdrv - ok
20:16:34.0717 2924 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:16:34.0764 2924 MpsSvc - ok
20:16:34.0795 2924 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:16:34.0889 2924 MRxDAV - ok
20:16:34.0920 2924 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:16:34.0920 2924 mrxsmb - ok
20:16:34.0951 2924 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:16:34.0967 2924 mrxsmb10 - ok
20:16:34.0967 2924 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:16:34.0967 2924 mrxsmb20 - ok
20:16:34.0983 2924 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:16:34.0983 2924 msahci - ok
20:16:35.0014 2924 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:16:35.0107 2924 msdsm - ok
20:16:35.0123 2924 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:16:35.0123 2924 MSDTC - ok
20:16:35.0139 2924 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:16:35.0139 2924 Msfs - ok
20:16:35.0154 2924 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:16:35.0154 2924 mshidkmdf - ok
20:16:35.0185 2924 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:16:35.0185 2924 msisadrv - ok
20:16:35.0232 2924 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:16:35.0232 2924 MSiSCSI - ok
20:16:35.0232 2924 msiserver - ok
20:16:35.0248 2924 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:16:35.0248 2924 MSK80Service - ok
20:16:35.0263 2924 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:16:35.0279 2924 MSKSSRV - ok
20:16:35.0310 2924 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:16:35.0310 2924 MSPCLOCK - ok
20:16:35.0326 2924 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:16:35.0326 2924 MSPQM - ok
20:16:35.0341 2924 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:16:35.0341 2924 MsRPC - ok
20:16:35.0357 2924 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:16:35.0357 2924 mssmbios - ok
20:16:35.0357 2924 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:16:35.0373 2924 MSTEE - ok
20:16:35.0388 2924 [ 00C7B2306F1CA5389A1AC6D1DF9C2E25 ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
20:16:35.0419 2924 msvad_simple - ok
20:16:35.0435 2924 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:16:35.0451 2924 MTConfig - ok
20:16:35.0466 2924 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:16:35.0466 2924 Mup - ok
20:16:35.0497 2924 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:16:35.0513 2924 napagent - ok
20:16:35.0544 2924 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:16:35.0544 2924 NativeWifiP - ok
20:16:35.0591 2924 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:16:35.0607 2924 NDIS - ok
20:16:35.0622 2924 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:16:35.0622 2924 NdisCap - ok
20:16:35.0638 2924 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:16:35.0638 2924 NdisTapi - ok
20:16:35.0669 2924 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:16:35.0700 2924 Ndisuio - ok
20:16:35.0747 2924 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:16:35.0747 2924 NdisWan - ok
20:16:35.0778 2924 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:16:35.0825 2924 NDProxy - ok
20:16:35.0825 2924 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:16:35.0825 2924 NetBIOS - ok
20:16:35.0872 2924 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:16:35.0950 2924 NetBT - ok
20:16:35.0965 2924 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:16:36.0012 2924 Netlogon - ok
20:16:36.0059 2924 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:16:36.0059 2924 Netman - ok
20:16:36.0075 2924 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:16:36.0075 2924 netprofm - ok
20:16:36.0121 2924 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:16:36.0121 2924 NetTcpPortSharing - ok
20:16:36.0121 2924 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:16:36.0121 2924 nfrd960 - ok
20:16:36.0168 2924 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:16:36.0168 2924 NlaSvc - ok
20:16:36.0168 2924 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:16:36.0168 2924 Npfs - ok
20:16:36.0184 2924 npggsvc - ok
20:16:36.0215 2924 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:16:36.0215 2924 nsi - ok
20:16:36.0231 2924 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:16:36.0231 2924 nsiproxy - ok
20:16:36.0293 2924 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:16:36.0340 2924 Ntfs - ok
20:16:36.0371 2924 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:16:36.0371 2924 Null - ok
20:16:36.0402 2924 [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
20:16:36.0449 2924 NVHDA - ok
20:16:36.0636 2924 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:16:36.0870 2924 nvlddmkm - ok
20:16:36.0901 2924 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:16:36.0901 2924 nvraid - ok
20:16:36.0917 2924 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:16:36.0917 2924 nvstor - ok
20:16:36.0948 2924 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:16:37.0011 2924 nvsvc - ok
20:16:37.0089 2924 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:16:37.0120 2924 nvUpdatusService - ok
20:16:37.0151 2924 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:16:37.0151 2924 nv_agp - ok
20:16:37.0245 2924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:16:37.0245 2924 odserv - ok
20:16:37.0276 2924 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:16:37.0291 2924 ohci1394 - ok
20:16:37.0323 2924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:16:37.0323 2924 ose - ok
20:16:37.0338 2924 [ 09A0F62722BABA3B402B6604795EF976 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
20:16:37.0385 2924 ossrv - ok
20:16:37.0432 2924 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:16:37.0432 2924 p2pimsvc - ok
20:16:37.0463 2924 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:16:37.0479 2924 p2psvc - ok
20:16:37.0510 2924 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:16:37.0510 2924 Parport - ok
20:16:37.0557 2924 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:16:37.0635 2924 partmgr - ok
20:16:37.0650 2924 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:16:37.0650 2924 Parvdm - ok
20:16:37.0666 2924 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:16:37.0666 2924 PcaSvc - ok
20:16:37.0697 2924 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:16:37.0697 2924 pci - ok
20:16:37.0713 2924 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:16:37.0713 2924 pciide - ok
20:16:37.0728 2924 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:16:37.0744 2924 pcmcia - ok
20:16:37.0744 2924 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:16:37.0744 2924 pcw - ok
20:16:37.0775 2924 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:16:37.0775 2924 PEAUTH - ok
20:16:37.0853 2924 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:16:37.0884 2924 pla - ok
20:16:37.0931 2924 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:16:37.0947 2924 PlugPlay - ok
20:16:37.0978 2924 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:16:37.0978 2924 PNRPAutoReg - ok
20:16:37.0993 2924 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:16:37.0993 2924 PNRPsvc - ok
20:16:38.0009 2924 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:16:38.0025 2924 PolicyAgent - ok
20:16:38.0071 2924 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:16:38.0071 2924 Power - ok
20:16:38.0071 2924 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:16:38.0087 2924 PptpMiniport - ok
20:16:38.0087 2924 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:16:38.0087 2924 Processor - ok
20:16:38.0118 2924 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:16:38.0134 2924 ProfSvc - ok
20:16:38.0134 2924 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:16:38.0181 2924 ProtectedStorage - ok
20:16:38.0212 2924 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:16:38.0227 2924 Psched - ok
20:16:38.0259 2924 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:16:38.0259 2924 PxHelp20 - ok
20:16:38.0290 2924 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:16:38.0321 2924 ql2300 - ok
20:16:38.0352 2924 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:16:38.0352 2924 ql40xx - ok
20:16:38.0399 2924 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:16:38.0399 2924 QWAVE - ok
20:16:38.0399 2924 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:16:38.0399 2924 QWAVEdrv - ok
20:16:38.0415 2924 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:16:38.0415 2924 RasAcd - ok
20:16:38.0461 2924 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:16:38.0461 2924 RasAgileVpn - ok
20:16:38.0477 2924 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:16:38.0477 2924 RasAuto - ok
20:16:38.0493 2924 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:16:38.0493 2924 Rasl2tp - ok
20:16:38.0539 2924 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:16:38.0571 2924 RasMan - ok
20:16:38.0586 2924 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:16:38.0602 2924 RasPppoe - ok
20:16:38.0617 2924 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:16:38.0617 2924 RasSstp - ok
20:16:38.0649 2924 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:16:38.0649 2924 rdbss - ok
20:16:38.0664 2924 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:16:38.0664 2924 rdpbus - ok
20:16:38.0711 2924 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:16:38.0742 2924 RDPCDD - ok
20:16:38.0758 2924 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:16:38.0758 2924 RDPENCDD - ok
20:16:38.0789 2924 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:16:38.0789 2924 RDPREFMP - ok
20:16:38.0805 2924 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:16:38.0883 2924 RDPWD - ok
20:16:38.0914 2924 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:16:38.0914 2924 rdyboost - ok
20:16:38.0976 2924 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:16:38.0976 2924 RemoteAccess - ok
20:16:38.0992 2924 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:16:38.0992 2924 RemoteRegistry - ok
20:16:39.0085 2924 [ EB9717ACDB9B70CCF61684EBCF9DA6A3 ] RoxLiveShare10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
20:16:39.0101 2924 RoxLiveShare10 - ok
20:16:39.0148 2924 [ 64A8759E9B7E5467F60CB729B1EC352E ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
20:16:39.0179 2924 RoxMediaDB10 - ok
20:16:39.0210 2924 [ 2884DDA6ED8E8FD88568D924A79A9B30 ] RoxWatch10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
20:16:39.0210 2924 RoxWatch10 - ok
20:16:39.0257 2924 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:16:39.0257 2924 RpcEptMapper - ok
20:16:39.0288 2924 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:16:39.0288 2924 RpcLocator - ok
20:16:39.0304 2924 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
20:16:39.0319 2924 RpcSs - ok
20:16:39.0319 2924 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:16:39.0319 2924 rspndr - ok
20:16:39.0335 2924 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:16:39.0382 2924 SamSs - ok
20:16:39.0429 2924 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:16:39.0507 2924 sbp2port - ok
20:16:39.0522 2924 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:16:39.0522 2924 SCardSvr - ok
20:16:39.0538 2924 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:16:39.0538 2924 scfilter - ok
20:16:39.0585 2924 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:16:39.0600 2924 Schedule - ok
20:16:39.0647 2924 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:16:39.0647 2924 SCPolicySvc - ok
20:16:39.0678 2924 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:16:39.0709 2924 SDRSVC - ok
20:16:39.0725 2924 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:16:39.0725 2924 secdrv - ok
20:16:39.0756 2924 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:16:39.0756 2924 seclogon - ok
20:16:39.0772 2924 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
20:16:39.0787 2924 SENS - ok
20:16:39.0819 2924 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:16:39.0819 2924 SensrSvc - ok
20:16:39.0865 2924 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:16:39.0865 2924 Serenum - ok
20:16:39.0881 2924 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:16:39.0881 2924 Serial - ok
20:16:39.0897 2924 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:16:39.0897 2924 sermouse - ok
20:16:39.0943 2924 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:16:39.0975 2924 SessionEnv - ok
20:16:40.0021 2924 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:16:40.0021 2924 sffdisk - ok
20:16:40.0021 2924 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:16:40.0037 2924 sffp_mmc - ok
20:16:40.0037 2924 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:16:40.0037 2924 sffp_sd - ok
20:16:40.0053 2924 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:16:40.0053 2924 sfloppy - ok
20:16:40.0115 2924 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:16:40.0115 2924 SharedAccess - ok
20:16:40.0146 2924 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:16:40.0146 2924 ShellHWDetection - ok
20:16:40.0177 2924 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:16:40.0177 2924 sisagp - ok
20:16:40.0193 2924 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:16:40.0209 2924 SiSRaid2 - ok
20:16:40.0209 2924 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:16:40.0209 2924 SiSRaid4 - ok
20:16:40.0271 2924 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:16:40.0271 2924 SkypeUpdate - ok
20:16:40.0287 2924 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:16:40.0287 2924 Smb - ok
20:16:40.0349 2924 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:16:40.0349 2924 SNMPTRAP - ok
20:16:40.0365 2924 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:16:40.0365 2924 spldr - ok
20:16:40.0411 2924 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:16:40.0411 2924 Spooler - ok
20:16:40.0505 2924 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:16:40.0567 2924 sppsvc - ok
20:16:40.0599 2924 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:16:40.0630 2924 sppuinotify - ok
20:16:40.0677 2924 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:16:40.0692 2924 srv - ok
20:16:40.0723 2924 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:16:40.0723 2924 srv2 - ok
20:16:40.0755 2924 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:16:40.0770 2924 srvnet - ok
20:16:40.0801 2924 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:16:40.0801 2924 SSDPSRV - ok
20:16:40.0817 2924 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:16:40.0817 2924 SstpSvc - ok
20:16:40.0848 2924 Steam Client Service - ok
20:16:40.0895 2924 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:16:40.0895 2924 Stereo Service - ok
20:16:40.0911 2924 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:16:40.0911 2924 stexstor - ok
20:16:40.0973 2924 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:16:41.0004 2924 StiSvc - ok
20:16:41.0082 2924 [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:16:41.0082 2924 stllssvr - ok
20:16:41.0113 2924 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:16:41.0113 2924 swenum - ok
20:16:41.0129 2924 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:16:41.0129 2924 swprv - ok
20:16:41.0191 2924 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:16:41.0223 2924 SysMain - ok
20:16:41.0254 2924 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:16:41.0301 2924 TabletInputService - ok
20:16:41.0332 2924 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:16:41.0363 2924 TapiSrv - ok
20:16:41.0425 2924 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:16:41.0425 2924 TBS - ok
20:16:41.0488 2924 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:16:41.0519 2924 Tcpip - ok
20:16:41.0550 2924 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:16:41.0550 2924 TCPIP6 - ok
20:16:41.0597 2924 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:16:41.0675 2924 tcpipreg - ok
20:16:41.0722 2924 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:16:41.0800 2924 TDPIPE - ok
20:16:41.0831 2924 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:16:41.0909 2924 TDTCP - ok
20:16:41.0940 2924 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:16:42.0018 2924 tdx - ok
20:16:42.0034 2924 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:16:42.0096 2924 TermDD - ok
20:16:42.0143 2924 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:16:42.0174 2924 TermService - ok
20:16:42.0190 2924 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:16:42.0190 2924 Themes - ok
20:16:42.0205 2924 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:16:42.0205 2924 THREADORDER - ok
20:16:42.0237 2924 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:16:42.0237 2924 TrkWks - ok
20:16:42.0315 2924 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:16:42.0315 2924 TrustedInstaller - ok
20:16:42.0377 2924 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:16:42.0455 2924 tssecsrv - ok
20:16:42.0486 2924 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:16:42.0533 2924 TsUsbFlt - ok
20:16:42.0564 2924 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:16:42.0611 2924 tunnel - ok
20:16:42.0642 2924 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:16:42.0658 2924 uagp35 - ok
20:16:42.0673 2924 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:16:42.0720 2924 udfs - ok
20:16:42.0751 2924 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:16:42.0751 2924 UI0Detect - ok
20:16:42.0767 2924 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:16:42.0767 2924 uliagpkx - ok
20:16:42.0798 2924 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:16:42.0798 2924 umbus - ok
20:16:42.0814 2924 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:16:42.0814 2924 UmPass - ok
20:16:42.0861 2924 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:16:42.0861 2924 upnphost - ok
20:16:42.0892 2924 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:16:42.0970 2924 USBAAPL - ok
20:16:43.0001 2924 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:16:43.0017 2924 usbaudio - ok
20:16:43.0048 2924 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:16:43.0095 2924 usbccgp - ok
20:16:43.0126 2924 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:16:43.0126 2924 usbcir - ok
20:16:43.0173 2924 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:16:43.0173 2924 usbehci - ok
20:16:43.0188 2924 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:16:43.0266 2924 usbhub - ok
20:16:43.0297 2924 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:16:43.0375 2924 usbohci - ok
20:16:43.0391 2924 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:16:43.0391 2924 usbprint - ok
20:16:43.0422 2924 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:16:43.0422 2924 usbscan - ok
20:16:43.0453 2924 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:16:43.0453 2924 USBSTOR - ok
20:16:43.0500 2924 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:16:43.0500 2924 usbuhci - ok
20:16:43.0516 2924 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:16:43.0516 2924 UxSms - ok
20:16:43.0531 2924 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:16:43.0578 2924 VaultSvc - ok
20:16:43.0609 2924 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:16:43.0609 2924 vdrvroot - ok
20:16:43.0656 2924 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:16:43.0672 2924 vds - ok
20:16:43.0687 2924 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:16:43.0687 2924 vga - ok
20:16:43.0703 2924 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:16:43.0703 2924 VgaSave - ok
20:16:43.0719 2924 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:16:43.0765 2924 vhdmp - ok
20:16:43.0781 2924 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:16:43.0781 2924 viaagp - ok
20:16:43.0812 2924 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:16:43.0812 2924 ViaC7 - ok
20:16:43.0843 2924 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:16:43.0843 2924 viaide - ok
20:16:43.0875 2924 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:16:43.0875 2924 volmgr - ok
20:16:43.0890 2924 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:16:43.0890 2924 volmgrx - ok
20:16:43.0937 2924 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:16:43.0937 2924 volsnap - ok
20:16:43.0984 2924 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:16:43.0984 2924 vsmraid - ok
20:16:44.0046 2924 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:16:44.0062 2924 VSS - ok
20:16:44.0077 2924 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:16:44.0077 2924 vwifibus - ok
20:16:44.0124 2924 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:16:44.0124 2924 W32Time - ok
20:16:44.0140 2924 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:16:44.0155 2924 WacomPen - ok
20:16:44.0187 2924 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:16:44.0265 2924 WANARP - ok
20:16:44.0265 2924 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:16:44.0343 2924 Wanarpv6 - ok
20:16:44.0389 2924 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:16:44.0436 2924 wbengine - ok
20:16:44.0452 2924 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:16:44.0452 2924 WbioSrvc - ok
20:16:44.0499 2924 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:16:44.0499 2924 wcncsvc - ok
20:16:44.0514 2924 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:16:44.0514 2924 WcsPlugInService - ok
20:16:44.0530 2924 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:16:44.0530 2924 Wd - ok
20:16:44.0561 2924 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:16:44.0561 2924 Wdf01000 - ok
20:16:44.0577 2924 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:16:44.0577 2924 WdiServiceHost - ok
20:16:44.0577 2924 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:16:44.0592 2924 WdiSystemHost - ok
20:16:44.0623 2924 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:16:44.0623 2924 WebClient - ok
20:16:44.0639 2924 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:16:44.0655 2924 Wecsvc - ok
20:16:44.0655 2924 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:16:44.0670 2924 wercplsupport - ok
20:16:44.0670 2924 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:16:44.0686 2924 WerSvc - ok
20:16:44.0701 2924 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:16:44.0701 2924 WfpLwf - ok
20:16:44.0717 2924 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:16:44.0717 2924 WIMMount - ok
20:16:44.0779 2924 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:16:44.0779 2924 WinDefend - ok
20:16:44.0795 2924 WinHttpAutoProxySvc - ok
20:16:44.0873 2924 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:16:44.0873 2924 Winmgmt - ok
20:16:44.0935 2924 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:16:44.0967 2924 WinRM - ok
20:16:45.0029 2924 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:16:45.0029 2924 WinUsb - ok
20:16:45.0076 2924 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:16:45.0091 2924 Wlansvc - ok
20:16:45.0169 2924 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:16:45.0169 2924 wlcrasvc - ok
20:16:45.0216 2924 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:16:45.0263 2924 wlidsvc - ok
20:16:45.0294 2924 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:16:45.0294 2924 WmiAcpi - ok
20:16:45.0341 2924 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:16:45.0341 2924 wmiApSrv - ok
20:16:45.0403 2924 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:16:45.0403 2924 WMPNetworkSvc - ok
20:16:45.0419 2924 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:16:45.0419 2924 WPCSvc - ok
20:16:45.0466 2924 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:16:45.0497 2924 WPDBusEnum - ok
20:16:45.0513 2924 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:16:45.0513 2924 ws2ifsl - ok
20:16:45.0513 2924 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
20:16:45.0528 2924 wscsvc - ok
20:16:45.0528 2924 WSearch - ok
20:16:45.0591 2924 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:16:45.0622 2924 wuauserv - ok
20:16:45.0669 2924 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:16:45.0747 2924 WudfPf - ok
20:16:45.0793 2924 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:16:45.0871 2924 WUDFRd - ok
20:16:45.0918 2924 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:16:45.0949 2924 wudfsvc - ok
20:16:45.0981 2924 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:16:45.0996 2924 WwanSvc - ok
20:16:46.0043 2924 [ 8903C6979EA677A9AF3D36E0D3709203 ] {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} C:\Program Files\CyberLink\PowerDVD DX\000.fcl
20:16:46.0043 2924 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
20:16:46.0059 2924 ================ Scan global ===============================
20:16:46.0105 2924 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:16:46.0168 2924 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:16:46.0183 2924 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:16:46.0215 2924 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:16:46.0261 2924 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:16:46.0277 2924 [Global] - ok
20:16:46.0277 2924 ================ Scan MBR ==================================
20:16:46.0277 2924 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:16:46.0480 2924 \Device\Harddisk0\DR0 - ok
20:16:46.0480 2924 ================ Scan VBR ==================================
20:16:46.0495 2924 [ 8B98CE8D400A01AB6D51F6FF0589EE85 ] \Device\Harddisk0\DR0\Partition1
20:16:46.0511 2924 \Device\Harddisk0\DR0\Partition1 - ok
20:16:46.0511 2924 [ D33FCA6406B950993EF27860AB5B8BAF ] \Device\Harddisk0\DR0\Partition2
20:16:46.0511 2924 \Device\Harddisk0\DR0\Partition2 - ok
20:16:46.0511 2924 ============================================================
20:16:46.0511 2924 Scan finished
20:16:46.0511 2924 ============================================================
20:16:46.0511 1808 Detected object count: 0
20:16:46.0511 1808 Actual detected object count: 0
20:17:01.0284 2228 ============================================================
20:17:01.0284 2228 Scan started
20:17:01.0284 2228 Mode: Manual; SigCheck; TDLFS;
20:17:01.0284 2228 ============================================================
20:17:01.0487 2228 ================ Scan system memory ========================
20:17:01.0487 2228 System memory - ok
20:17:01.0487 2228 ================ Scan services =============================
20:17:01.0674 2228 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:17:01.0737 2228 1394ohci - ok
20:17:01.0783 2228 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:17:01.0799 2228 ACPI - ok
20:17:01.0830 2228 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:17:01.0861 2228 AcpiPmi - ok
20:17:02.0002 2228 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:17:02.0017 2228 AdobeARMservice - ok
20:17:02.0080 2228 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:17:02.0095 2228 AdobeFlashPlayerUpdateSvc - ok
20:17:02.0142 2228 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:17:02.0158 2228 adp94xx - ok
20:17:02.0173 2228 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:17:02.0189 2228 adpahci - ok
20:17:02.0205 2228 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:17:02.0236 2228 adpu320 - ok
20:17:02.0267 2228 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:17:02.0314 2228 AeLookupSvc - ok
20:17:02.0345 2228 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:17:02.0361 2228 AFD - ok
20:17:02.0407 2228 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:17:02.0423 2228 agp440 - ok
20:17:02.0454 2228 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:17:02.0470 2228 aic78xx - ok
20:17:02.0485 2228 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:17:02.0517 2228 ALG - ok
20:17:02.0532 2228 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:17:02.0548 2228 aliide - ok
20:17:02.0563 2228 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:17:02.0579 2228 amdagp - ok
20:17:02.0595 2228 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:17:02.0610 2228 amdide - ok
20:17:02.0626 2228 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:17:02.0641 2228 AmdK8 - ok
20:17:02.0673 2228 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:17:02.0688 2228 AmdPPM - ok
20:17:02.0704 2228 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:17:02.0719 2228 amdsata - ok
20:17:02.0735 2228 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:17:02.0751 2228 amdsbs - ok
20:17:02.0766 2228 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:17:02.0860 2228 amdxata - ok
20:17:02.0891 2228 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:17:02.0907 2228 AppID - ok
20:17:02.0938 2228 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:17:02.0985 2228 AppIDSvc - ok
20:17:03.0016 2228 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:17:03.0047 2228 Appinfo - ok
20:17:03.0109 2228 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:17:03.0109 2228 Apple Mobile Device - ok
20:17:03.0141 2228 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:17:03.0141 2228 arc - ok
20:17:03.0156 2228 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:17:03.0172 2228 arcsas - ok
20:17:03.0250 2228 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:17:03.0265 2228 aspnet_state - ok
20:17:03.0281 2228 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:17:03.0312 2228 AsyncMac - ok
20:17:03.0328 2228 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:17:03.0343 2228 atapi - ok
20:17:03.0390 2228 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
20:17:03.0437 2228 atksgt - ok
20:17:03.0484 2228 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:17:03.0531 2228 AudioEndpointBuilder - ok
20:17:03.0562 2228 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:17:03.0577 2228 Audiosrv - ok
20:17:03.0624 2228 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:17:03.0655 2228 AxInstSV - ok
20:17:03.0671 2228 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:17:03.0718 2228 b06bdrv - ok
20:17:03.0733 2228 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:17:03.0765 2228 b57nd60x - ok
20:17:03.0796 2228 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:17:03.0827 2228 BDESVC - ok
20:17:03.0843 2228 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:17:03.0874 2228 Beep - ok
20:17:03.0936 2228 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:17:03.0967 2228 BFE - ok
20:17:04.0014 2228 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
20:17:04.0045 2228 BITS - ok
20:17:04.0045 2228 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:17:04.0077 2228 blbdrive - ok
20:17:04.0108 2228 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:17:04.0123 2228 Bonjour Service - ok
20:17:04.0155 2228 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:17:04.0170 2228 bowser - ok
20:17:04.0186 2228 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:17:04.0201 2228 BrFiltLo - ok
20:17:04.0217 2228 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:17:04.0248 2228 BrFiltUp - ok
20:17:04.0279 2228 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:17:04.0326 2228 BridgeMP - ok
20:17:04.0373 2228 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:17:04.0404 2228 Browser - ok
20:17:04.0420 2228 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:17:04.0451 2228 Brserid - ok
20:17:04.0467 2228 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:17:04.0498 2228 BrSerWdm - ok
20:17:04.0513 2228 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:17:04.0545 2228 BrUsbMdm - ok
20:17:04.0560 2228 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:17:04.0591 2228 BrUsbSer - ok
20:17:04.0607 2228 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:17:04.0623 2228 BTHMODEM - ok
20:17:04.0654 2228 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:17:04.0716 2228 bthserv - ok
20:17:04.0732 2228 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
20:17:04.0794 2228 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
20:17:04.0794 2228 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
20:17:04.0919 2228 catchme - ok
20:17:04.0919 2228 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:17:04.0966 2228 cdfs - ok
20:17:04.0997 2228 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:17:05.0059 2228 cdrom - ok
20:17:05.0091 2228 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:17:05.0122 2228 CertPropSvc - ok
20:17:05.0137 2228 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\Windows\system32\drivers\cfwids.sys
20:17:05.0153 2228 cfwids - ok
20:17:05.0169 2228 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:17:05.0200 2228 circlass - ok
20:17:05.0231 2228 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:17:05.0247 2228 CLFS - ok
20:17:05.0278 2228 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:17:05.0293 2228 clr_optimization_v2.0.50727_32 - ok
20:17:05.0325 2228 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:17:05.0340 2228 clr_optimization_v4.0.30319_32 - ok
20:17:05.0356 2228 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:17:05.0371 2228 CmBatt - ok
20:17:05.0403 2228 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:17:05.0418 2228 cmdide - ok
20:17:05.0465 2228 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
20:17:05.0481 2228 CNG - ok
20:17:05.0496 2228 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:17:05.0496 2228 Compbatt - ok
20:17:05.0527 2228 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:17:05.0559 2228 CompositeBus - ok
20:17:05.0559 2228 COMSysApp - ok
20:17:05.0574 2228 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:17:05.0590 2228 crcdisk - ok
20:17:05.0621 2228 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
20:17:05.0637 2228 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:17:05.0637 2228 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:17:05.0668 2228 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:17:05.0715 2228 CryptSvc - ok
20:17:05.0746 2228 [ 92EF3400636BD8E9CA6144B089A943F0 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
20:17:05.0824 2228 CT20XUT - ok
20:17:05.0839 2228 [ 92EF3400636BD8E9CA6144B089A943F0 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
20:17:05.0902 2228 CT20XUT.SYS - ok
20:17:05.0917 2228 [ 20F2E80701FDD71EDD8EAE474DB72BCC ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
20:17:05.0980 2228 ctac32k - ok
20:17:05.0995 2228 [ 6DBE16DDF1EE79691443A0491308DD17 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
20:17:06.0089 2228 ctaud2k - ok
20:17:06.0120 2228 [ 68ADFC2BF18CBDD7ACEE0EEEEB242D1E ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
20:17:06.0151 2228 CTEXFIFX - ok
20:17:06.0183 2228 [ 68ADFC2BF18CBDD7ACEE0EEEEB242D1E ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
20:17:06.0214 2228 CTEXFIFX.SYS - ok
20:17:06.0214 2228 [ 522F2A3DC88C8CA0C19A7D4BFDA38512 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
20:17:06.0292 2228 CTHWIUT - ok
20:17:06.0292 2228 [ 522F2A3DC88C8CA0C19A7D4BFDA38512 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
20:17:06.0354 2228 CTHWIUT.SYS - ok
20:17:06.0370 2228 [ 8895F03FF0F72D46F34212D0C545F17B ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
20:17:06.0385 2228 ctprxy2k - ok
20:17:06.0385 2228 [ 17F772D7D1803956CA4C978634ACB977 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
20:17:06.0448 2228 ctsfm2k - ok
20:17:06.0479 2228 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] datunidr C:\Windows\system32\DRIVERS\datunidr.sys
20:17:06.0510 2228 datunidr - ok
20:17:06.0588 2228 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
20:17:06.0588 2228 DAUpdaterSvc - ok
20:17:06.0635 2228 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:17:06.0666 2228 DcomLaunch - ok
20:17:06.0697 2228 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:17:06.0760 2228 defragsvc - ok
20:17:06.0791 2228 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:17:06.0822 2228 DfsC - ok
20:17:06.0869 2228 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:17:06.0885 2228 Dhcp - ok
20:17:06.0916 2228 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:17:06.0963 2228 discache - ok
20:17:06.0994 2228 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:17:07.0009 2228 Disk - ok
20:17:07.0009 2228 dlcc_device - ok
20:17:07.0056 2228 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:17:07.0087 2228 Dnscache - ok
20:17:07.0119 2228 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:17:07.0197 2228 dot3svc - ok
20:17:07.0228 2228 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:17:07.0290 2228 DPS - ok
20:17:07.0321 2228 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:17:07.0337 2228 drmkaud - ok
20:17:07.0384 2228 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:17:07.0399 2228 DXGKrnl - ok
20:17:07.0431 2228 [ 0535BFBEDB9378DDD15BDF9957D57D71 ] e1express C:\Windows\system32\DRIVERS\e1e6232.sys
20:17:07.0446 2228 e1express - ok
20:17:07.0477 2228 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:17:07.0524 2228 EapHost - ok
20:17:07.0571 2228 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:17:07.0618 2228 ebdrv - ok
20:17:07.0665 2228 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:17:07.0727 2228 EFS - ok
20:17:07.0789 2228 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:17:07.0821 2228 ehRecvr - ok
20:17:07.0852 2228 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:17:07.0867 2228 ehSched - ok
20:17:07.0883 2228 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:17:07.0914 2228 elxstor - ok
20:17:07.0930 2228 [ CE9BB4EABCD82293662C54713EDCAD1E ] emupia C:\Windows\system32\drivers\emupia2k.sys
20:17:07.0977 2228 emupia - ok
20:17:08.0008 2228 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:17:08.0023 2228 ErrDev - ok
20:17:08.0039 2228 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:17:08.0086 2228 EventSystem - ok
20:17:08.0101 2228 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:17:08.0133 2228 exfat - ok
20:17:08.0148 2228 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:17:08.0195 2228 fastfat - ok
20:17:08.0226 2228 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:17:08.0257 2228 Fax - ok
20:17:08.0273 2228 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:17:08.0304 2228 fdc - ok
20:17:08.0335 2228 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:17:08.0367 2228 fdPHost - ok
20:17:08.0382 2228 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:17:08.0413 2228 FDResPub - ok
20:17:08.0413 2228 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:17:08.0429 2228 FileInfo - ok
20:17:08.0445 2228 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:17:08.0476 2228 Filetrace - ok
20:17:08.0538 2228 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:17:08.0554 2228 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:17:08.0554 2228 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:17:08.0569 2228 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:17:08.0601 2228 flpydisk - ok
20:17:08.0632 2228 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:17:08.0647 2228 FltMgr - ok
20:17:08.0694 2228 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
20:17:08.0725 2228 FontCache - ok
20:17:08.0788 2228 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:17:08.0803 2228 FontCache3.0.0.0 - ok
20:17:08.0819 2228 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:17:08.0835 2228 FsDepends - ok
20:17:08.0866 2228 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:17:08.0944 2228 fssfltr - ok
20:17:09.0022 2228 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:17:09.0053 2228 fsssvc - ok
20:17:09.0084 2228 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:17:09.0100 2228 Fs_Rec - ok
20:17:09.0147 2228 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:17:09.0162 2228 fvevol - ok
20:17:09.0178 2228 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:17:09.0193 2228 gagp30kx - ok
20:17:09.0225 2228 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:17:09.0271 2228 GEARAspiWDM - ok
20:17:09.0318 2228 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:17:09.0396 2228 gpsvc - ok
20:17:09.0443 2228 [ DC7047D12446D0059EA8A4D8B645FA5A ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
20:17:09.0474 2228 ha20x22k - ok
20:17:09.0505 2228 [ F70DDCCC0B45CF9E08CA91B187526F43 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
20:17:09.0568 2228 ha20x2k - ok
20:17:09.0583 2228 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:17:09.0615 2228 hcw85cir - ok
20:17:09.0646 2228 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:17:09.0724 2228 HdAudAddService - ok
20:17:09.0739 2228 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:17:09.0771 2228 HDAudBus - ok
20:17:09.0786 2228 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:17:09.0817 2228 HidBatt - ok
20:17:09.0849 2228 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:17:09.0864 2228 HidBth - ok
20:17:09.0880 2228 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:17:09.0911 2228 HidIr - ok
20:17:09.0942 2228 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
20:17:09.0989 2228 hidserv - ok
20:17:10.0020 2228 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:17:10.0114 2228 HidUsb - ok
20:17:10.0161 2228 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:17:10.0176 2228 hkmsvc - ok
20:17:10.0223 2228 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:17:10.0239 2228 HomeGroupListener - ok
20:17:10.0270 2228 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:17:10.0301 2228 HomeGroupProvider - ok
20:17:10.0332 2228 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:17:10.0348 2228 HpSAMD - ok
20:17:10.0395 2228 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:17:10.0457 2228 HTTP - ok
20:17:10.0504 2228 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:17:10.0504 2228 hwpolicy - ok
20:17:10.0551 2228 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:17:10.0566 2228 i8042prt - ok
20:17:10.0613 2228 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
20:17:10.0629 2228 IAANTMON - ok
20:17:10.0675 2228 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:17:10.0691 2228 iaStor - ok
20:17:10.0707 2228 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:17:10.0816 2228 iaStorV - ok
20:17:10.0894 2228 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:17:10.0909 2228 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:17:10.0909 2228 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:17:10.0972 2228 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:17:11.0050 2228 idsvc - ok
20:17:11.0065 2228 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:17:11.0081 2228 iirsp - ok
20:17:11.0112 2228 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:17:11.0143 2228 IKEEXT - ok
20:17:11.0143 2228 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:17:11.0159 2228 intelide - ok
20:17:11.0175 2228 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:17:11.0206 2228 intelppm - ok
20:17:11.0237 2228 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:17:11.0284 2228 IPBusEnum - ok
20:17:11.0299 2228 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:17:11.0346 2228 IpFilterDriver - ok
20:17:11.0393 2228 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:17:11.0409 2228 iphlpsvc - ok
20:17:11.0455 2228 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:17:11.0518 2228 IPMIDRV - ok
20:17:11.0533 2228 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:17:11.0580 2228 IPNAT - ok
20:17:11.0627 2228 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:17:11.0689 2228 iPod Service - ok
20:17:11.0705 2228 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:17:11.0736 2228 IRENUM - ok
20:17:11.0767 2228 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:17:11.0783 2228 isapnp - ok
20:17:11.0830 2228 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:17:11.0830 2228 iScsiPrt - ok
20:17:11.0845 2228 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:17:11.0861 2228 kbdclass - ok
20:17:11.0908 2228 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:17:11.0939 2228 kbdhid - ok
20:17:11.0955 2228 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:17:12.0017 2228 KeyIso - ok
20:17:12.0048 2228 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:17:12.0064 2228 KSecDD - ok
20:17:12.0111 2228 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:17:12.0126 2228 KSecPkg - ok
20:17:12.0173 2228 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:17:12.0235 2228 KtmRm - ok
20:17:12.0251 2228 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
20:17:12.0313 2228 LanmanServer - ok
20:17:12.0360 2228 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:17:12.0376 2228 LanmanWorkstation - ok
20:17:12.0469 2228 [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:17:12.0485 2228 LBTServ - ok
20:17:12.0516 2228 [ ED8F9311CAE12C41A58DAE2EA6D6C849 ] LEqdUsb C:\Windows\system32\Drivers\LEqdUsb.Sys
20:17:12.0532 2228 LEqdUsb - ok
20:17:12.0563 2228 [ 9943F10C60EAF714C7010B37025A5AC5 ] LHidEqd C:\Windows\system32\Drivers\LHidEqd.Sys
20:17:12.0610 2228 LHidEqd - ok
20:17:12.0641 2228 [ B68309F25C5787385DA842EB5B496958 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:17:12.0688 2228 LHidFilt - ok
20:17:12.0703 2228 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
20:17:12.0750 2228 lirsgt - ok
20:17:12.0781 2228 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:17:12.0844 2228 lltdio - ok
20:17:12.0875 2228 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:17:12.0922 2228 lltdsvc - ok
20:17:12.0937 2228 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:17:12.0969 2228 lmhosts - ok
20:17:12.0969 2228 [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:17:12.0984 2228 LMouFilt - ok
20:17:13.0000 2228 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:17:13.0015 2228 LSI_FC - ok
20:17:13.0031 2228 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:17:13.0047 2228 LSI_SAS - ok
20:17:13.0062 2228 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:17:13.0078 2228 LSI_SAS2 - ok
20:17:13.0093 2228 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:17:13.0109 2228 LSI_SCSI - ok
20:17:13.0109 2228 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:17:13.0156 2228 luafv - ok
20:17:13.0187 2228 [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
20:17:13.0203 2228 LUsbFilt - ok
20:17:13.0281 2228 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:17:13.0296 2228 McAfee SiteAdvisor Service - ok
20:17:13.0312 2228 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:17:13.0327 2228 McMPFSvc - ok
20:17:13.0327 2228 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:17:13.0343 2228 mcmscsvc - ok
20:17:13.0343 2228 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:17:13.0359 2228 McNaiAnn - ok
20:17:13.0359 2228 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:17:13.0374 2228 McNASvc - ok
20:17:13.0437 2228 [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
20:17:13.0452 2228 McODS - ok
20:17:13.0452 2228 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:17:13.0468 2228 McProxy - ok
20:17:13.0515 2228 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:17:13.0515 2228 McShield - ok
20:17:13.0561 2228 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:17:13.0608 2228 Mcx2Svc - ok
20:17:13.0624 2228 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:17:13.0624 2228 megasas - ok
20:17:13.0639 2228 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:17:13.0655 2228 MegaSR - ok
20:17:13.0686 2228 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
20:17:13.0686 2228 mfeapfk - ok
20:17:13.0717 2228 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
20:17:13.0764 2228 mfeavfk - ok
20:17:13.0764 2228 mfeavfk01 - ok
20:17:13.0795 2228 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
20:17:13.0842 2228 mfebopk - ok
20:17:13.0889 2228 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:17:13.0889 2228 mfefire - ok
20:17:13.0920 2228 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
20:17:13.0983 2228 mfefirek - ok
20:17:13.0998 2228 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
20:17:14.0014 2228 mfehidk - ok
20:17:14.0061 2228 [ AC04A618AEF3DE0FCE91C766F9E069DA ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
20:17:14.0076 2228 mfenlfk - ok
20:17:14.0076 2228 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
20:17:14.0139 2228 mferkdet - ok
20:17:14.0170 2228 [ B10C4EFD40810C08F4B44DF2EFCB54F7 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
20:17:14.0232 2228 mfevtp - ok
20:17:14.0248 2228 [ F284337AEDB7483DF8A5FA840647E2B0 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
20:17:14.0263 2228 mfewfpk - ok
20:17:14.0310 2228 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:17:14.0357 2228 MMCSS - ok
20:17:14.0357 2228 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:17:14.0404 2228 Modem - ok
20:17:14.0451 2228 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:17:14.0482 2228 monitor - ok
20:17:14.0513 2228 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:17:14.0529 2228 mouclass - ok
20:17:14.0529 2228 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:17:14.0560 2228 mouhid - ok
20:17:14.0591 2228 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:17:14.0607 2228 mountmgr - ok
20:17:14.0622 2228 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:17:14.0638 2228 mpio - ok
20:17:14.0653 2228 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:17:14.0669 2228 mpsdrv - ok
20:17:14.0716 2228 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:17:14.0794 2228 MpsSvc - ok
20:17:14.0825 2228 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:17:14.0950 2228 MRxDAV - ok
20:17:14.0981 2228 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:17:15.0012 2228 mrxsmb - ok
20:17:15.0043 2228 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:17:15.0059 2228 mrxsmb10 - ok
20:17:15.0075 2228 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:17:15.0106 2228 mrxsmb20 - ok
20:17:15.0121 2228 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:17:15.0137 2228 msahci - ok
20:17:15.0184 2228 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:17:15.0262 2228 msdsm - ok
20:17:15.0277 2228 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:17:15.0309 2228 MSDTC - ok
20:17:15.0340 2228 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:17:15.0371 2228 Msfs - ok
20:17:15.0387 2228 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:17:15.0418 2228 mshidkmdf - ok
20:17:15.0449 2228 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:17:15.0465 2228 msisadrv - ok
20:17:15.0496 2228 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:17:15.0527 2228 MSiSCSI - ok
20:17:15.0527 2228 msiserver - ok
20:17:15.0543 2228 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:17:15.0558 2228 MSK80Service - ok
20:17:15.0574 2228 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:17:15.0621 2228 MSKSSRV - ok
20:17:15.0652 2228 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:17:15.0699 2228 MSPCLOCK - ok
20:17:15.0699 2228 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:17:15.0730 2228 MSPQM - ok
20:17:15.0745 2228 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:17:15.0761 2228 MsRPC - ok
20:17:15.0777 2228 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:17:15.0792 2228 mssmbios - ok
20:17:15.0792 2228 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:17:15.0839 2228 MSTEE - ok
20:17:15.0855 2228 [ 00C7B2306F1CA5389A1AC6D1DF9C2E25 ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
20:17:15.0901 2228 msvad_simple - ok
20:17:15.0917 2228 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:17:15.0948 2228 MTConfig - ok
20:17:15.0964 2228 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:17:15.0979 2228 Mup - ok
20:17:16.0026 2228 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:17:16.0042 2228 napagent - ok
20:17:16.0089 2228 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:17:16.0104 2228 NativeWifiP - ok
20:17:16.0151 2228 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:17:16.0167 2228 NDIS - ok
20:17:16.0182 2228 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:17:16.0229 2228 NdisCap - ok
20:17:16.0245 2228 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:17:16.0276 2228 NdisTapi - ok
20:17:16.0307 2228 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:17:16.0385 2228 Ndisuio - ok
20:17:16.0416 2228 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:17:16.0447 2228 NdisWan - ok
20:17:16.0479 2228 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:17:16.0541 2228 NDProxy - ok
20:17:16.0557 2228 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:17:16.0603 2228 NetBIOS - ok
20:17:16.0650 2228 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:17:16.0744 2228 NetBT - ok
20:17:16.0759 2228 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:17:16.0822 2228 Netlogon - ok
20:17:16.0869 2228 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:17:16.0900 2228 Netman - ok
20:17:16.0931 2228 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:17:16.0978 2228 netprofm - ok
20:17:17.0009 2228 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:17:17.0009 2228 NetTcpPortSharing - ok
20:17:17.0040 2228 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:17:17.0040 2228 nfrd960 - ok
20:17:17.0087 2228 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:17:17.0118 2228 NlaSvc - ok
20:17:17.0134 2228 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:17:17.0181 2228 Npfs - ok
20:17:17.0181 2228 npggsvc - ok
20:17:17.0212 2228 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:17:17.0243 2228 nsi - ok
20:17:17.0274 2228 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:17:17.0321 2228 nsiproxy - ok
20:17:17.0383 2228 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:17:17.0446 2228 Ntfs - ok
20:17:17.0461 2228 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:17:17.0493 2228 Null - ok
20:17:17.0524 2228 [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
20:17:17.0571 2228 NVHDA - ok
20:17:17.0773 2228 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:17:17.0976 2228 nvlddmkm - ok
20:17:18.0007 2228 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:17:18.0007 2228 nvraid - ok
20:17:18.0039 2228 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:17:18.0054 2228 nvstor - ok
20:17:18.0085 2228 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:17:18.0148 2228 nvsvc - ok
20:17:18.0210 2228 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:17:18.0241 2228 nvUpdatusService - ok
20:17:18.0288 2228 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:17:18.0304 2228 nv_agp - ok
20:17:18.0382 2228 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:17:18.0397 2228 odserv - ok
20:17:18.0444 2228 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:17:18.0475 2228 ohci1394 - ok
20:17:18.0507 2228 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:17:18.0522 2228 ose - ok
20:17:18.0538 2228 [ 09A0F62722BABA3B402B6604795EF976 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
20:17:18.0585 2228 ossrv - ok
20:17:18.0631 2228 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:17:18.0663 2228 p2pimsvc - ok
20:17:18.0709 2228 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:17:18.0725 2228 p2psvc - ok
20:17:18.0772 2228 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:17:18.0803 2228 Parport - ok
20:17:18.0850 2228 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:17:18.0943 2228 partmgr - ok
20:17:18.0959 2228 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:17:18.0990 2228 Parvdm - ok
20:17:19.0006 2228 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:17:19.0037 2228 PcaSvc - ok
20:17:19.0084 2228 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:17:19.0099 2228 pci - ok
20:17:19.0115 2228 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:17:19.0131 2228 pciide - ok
20:17:19.0131 2228 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:17:19.0162 2228 pcmcia - ok
20:17:19.0177 2228 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:17:19.0177 2228 pcw - ok
20:17:19.0209 2228 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:17:19.0240 2228 PEAUTH - ok
20:17:19.0318 2228 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:17:19.0365 2228 pla - ok
20:17:19.0396 2228 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:17:19.0427 2228 PlugPlay - ok
20:17:19.0458 2228 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:17:19.0474 2228 PNRPAutoReg - ok
20:17:19.0489 2228 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:17:19.0505 2228 PNRPsvc - ok
20:17:19.0521 2228 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:17:19.0552 2228 PolicyAgent - ok
20:17:19.0599 2228 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:17:19.0614 2228 Power - ok
20:17:19.0630 2228 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:17:19.0677 2228 PptpMiniport - ok
20:17:19.0692 2228 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:17:19.0723 2228 Processor - ok
20:17:19.0770 2228 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:17:19.0786 2228 ProfSvc - ok
20:17:19.0786 2228 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:17:19.0848 2228 ProtectedStorage - ok
20:17:19.0895 2228 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:17:19.0942 2228 Psched - ok
20:17:19.0973 2228 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:17:19.0989 2228 PxHelp20 - ok
20:17:20.0020 2228 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:17:20.0051 2228 ql2300 - ok
20:17:20.0067 2228 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:17:20.0082 2228 ql40xx - ok
20:17:20.0129 2228 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:17:20.0160 2228 QWAVE - ok
20:17:20.0191 2228 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:17:20.0207 2228 QWAVEdrv - ok
20:17:20.0223 2228 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:17:20.0254 2228 RasAcd - ok
20:17:20.0301 2228 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:17:20.0332 2228 RasAgileVpn - ok
20:17:20.0363 2228 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:17:20.0394 2228 RasAuto - ok
20:17:20.0410 2228 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:17:20.0441 2228 Rasl2tp - ok
20:17:20.0488 2228 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:17:20.0535 2228 RasMan - ok
20:17:20.0550 2228 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:17:20.0613 2228 RasPppoe - ok
20:17:20.0628 2228 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:17:20.0659 2228 RasSstp - ok
20:17:20.0691 2228 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:17:20.0737 2228 rdbss - ok
20:17:20.0753 2228 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:17:20.0769 2228 rdpbus - ok
20:17:20.0800 2228 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:17:20.0878 2228 RDPCDD - ok
20:17:20.0893 2228 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:17:20.0940 2228 RDPENCDD - ok
20:17:20.0956 2228 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:17:20.0971 2228 RDPREFMP - ok
20:17:21.0003 2228 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:17:21.0112 2228 RDPWD - ok
20:17:21.0143 2228 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:17:21.0159 2228 rdyboost - ok
20:17:21.0205 2228 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:17:21.0237 2228 RemoteAccess - ok
20:17:21.0268 2228 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:17:21.0299 2228 RemoteRegistry - ok
20:17:21.0393 2228 [ EB9717ACDB9B70CCF61684EBCF9DA6A3 ] RoxLiveShare10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
20:17:21.0408 2228 RoxLiveShare10 - ok
20:17:21.0471 2228 [ 64A8759E9B7E5467F60CB729B1EC352E ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
20:17:21.0486 2228 RoxMediaDB10 - ok
20:17:21.0533 2228 [ 2884DDA6ED8E8FD88568D924A79A9B30 ] RoxWatch10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
20:17:21.0533 2228 RoxWatch10 - ok
20:17:21.0580 2228 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:17:21.0611 2228 RpcEptMapper - ok
20:17:21.0642 2228 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:17:21.0658 2228 RpcLocator - ok
20:17:21.0673 2228 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
20:17:21.0705 2228 RpcSs - ok
20:17:21.0705 2228 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:17:21.0751 2228 rspndr - ok
20:17:21.0751 2228 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:17:21.0814 2228 SamSs - ok
20:17:21.0861 2228 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:17:21.0954 2228 sbp2port - ok
20:17:21.0970 2228 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:17:22.0017 2228 SCardSvr - ok
20:17:22.0032 2228 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:17:22.0063 2228 scfilter - ok
20:17:22.0110 2228 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:17:22.0141 2228 Schedule - ok
20:17:22.0173 2228 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:17:22.0204 2228 SCPolicySvc - ok
20:17:22.0235 2228 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:17:22.0282 2228 SDRSVC - ok
20:17:22.0297 2228 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:17:22.0344 2228 secdrv - ok
20:17:22.0391 2228 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:17:22.0453 2228 seclogon - ok
20:17:22.0469 2228 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
20:17:22.0500 2228 SENS - ok
20:17:22.0547 2228 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:17:22.0578 2228 SensrSvc - ok
20:17:22.0594 2228 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:17:22.0609 2228 Serenum - ok
20:17:22.0625 2228 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:17:22.0656 2228 Serial - ok
20:17:22.0672 2228 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:17:22.0687 2228 sermouse - ok
20:17:22.0734 2228 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:17:22.0781 2228 SessionEnv - ok
20:17:22.0828 2228 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:17:22.0843 2228 sffdisk - ok
20:17:22.0859 2228 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:17:22.0890 2228 sffp_mmc - ok
20:17:22.0906 2228 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:17:22.0937 2228 sffp_sd - ok
20:17:22.0968 2228 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:17:22.0999 2228 sfloppy - ok
20:17:23.0046 2228 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:17:23.0093 2228 SharedAccess - ok
20:17:23.0124 2228 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:17:23.0155 2228 ShellHWDetection - ok
20:17:23.0187 2228 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:17:23.0202 2228 sisagp - ok
20:17:23.0218 2228 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:17:23.0233 2228 SiSRaid2 - ok
20:17:23.0249 2228 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:17:23.0265 2228 SiSRaid4 - ok
20:17:23.0311 2228 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:17:23.0311 2228 SkypeUpdate - ok
20:17:23.0343 2228 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:17:23.0374 2228 Smb - ok
20:17:23.0421 2228 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:17:23.0436 2228 SNMPTRAP - ok
20:17:23.0452 2228 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:17:23.0467 2228 spldr - ok
20:17:23.0499 2228 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:17:23.0530 2228 Spooler - ok
20:17:23.0608 2228 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:17:23.0670 2228 sppsvc - ok
20:17:23.0717 2228 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:17:23.0779 2228 sppuinotify - ok
20:17:23.0811 2228 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:17:23.0842 2228 srv - ok
20:17:23.0889 2228 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:17:23.0904 2228 srv2 - ok
20:17:23.0935 2228 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:17:23.0982 2228 srvnet - ok
20:17:24.0029 2228 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:17:24.0076 2228 SSDPSRV - ok
20:17:24.0091 2228 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:17:24.0123 2228 SstpSvc - ok
20:17:24.0138 2228 Steam Client Service - ok
20:17:24.0185 2228 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:17:24.0201 2228 Stereo Service - ok
20:17:24.0216 2228 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:17:24.0232 2228 stexstor - ok
20:17:24.0263 2228 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:17:24.0310 2228 StiSvc - ok
20:17:24.0388 2228 [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:17:24.0388 2228 stllssvr - ok
20:17:24.0435 2228 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:17:24.0435 2228 swenum - ok
20:17:24.0450 2228 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:17:24.0513 2228 swprv - ok
20:17:24.0559 2228 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:17:24.0606 2228 SysMain - ok
20:17:24.0622 2228 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:17:24.0669 2228 TabletInputService - ok
20:17:24.0715 2228 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:17:24.0762 2228 TapiSrv - ok
20:17:24.0809 2228 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:17:24.0856 2228 TBS - ok
20:17:24.0903 2228 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:17:24.0934 2228 Tcpip - ok
20:17:24.0965 2228 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:17:24.0996 2228 TCPIP6 - ok
20:17:25.0043 2228 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:17:25.0152 2228 tcpipreg - ok
20:17:25.0199 2228 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:17:25.0308 2228 TDPIPE - ok
20:17:25.0339 2228 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:17:25.0433 2228 TDTCP - ok
20:17:25.0464 2228 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:17:25.0558 2228 tdx - ok
20:17:25.0573 2228 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:17:25.0651 2228 TermDD - ok
20:17:25.0698 2228 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:17:25.0745 2228 TermService - ok
20:17:25.0761 2228 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:17:25.0792 2228 Themes - ok
20:17:25.0823 2228 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:17:25.0854 2228 THREADORDER - ok
20:17:25.0870 2228 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:17:25.0917 2228 TrkWks - ok
20:17:25.0979 2228 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:17:26.0026 2228 TrustedInstaller - ok
20:17:26.0073 2228 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:17:26.0182 2228 tssecsrv - ok
20:17:26.0213 2228 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:17:26.0291 2228 TsUsbFlt - ok
20:17:26.0322 2228 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:17:26.0400 2228 tunnel - ok
20:17:26.0447 2228 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:17:26.0463 2228 uagp35 - ok
20:17:26.0478 2228 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:17:26.0541 2228 udfs - ok
20:17:26.0572 2228 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:17:26.0603 2228 UI0Detect - ok
20:17:26.0634 2228 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:17:26.0650 2228 uliagpkx - ok
20:17:26.0681 2228 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:17:26.0697 2228 umbus - ok
20:17:26.0712 2228 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:17:26.0728 2228 UmPass - ok
20:17:26.0775 2228 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:17:26.0806 2228 upnphost - ok
20:17:26.0837 2228 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:17:26.0931 2228 USBAAPL - ok
20:17:26.0977 2228 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:17:26.0993 2228 usbaudio - ok
20:17:27.0024 2228 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:17:27.0087 2228 usbccgp - ok
20:17:27.0133 2228 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:17:27.0133 2228 usbcir - ok
20:17:27.0180 2228 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:17:27.0196 2228 usbehci - ok
20:17:27.0196 2228 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:17:27.0305 2228 usbhub - ok
20:17:27.0336 2228 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:17:27.0367 2228 usbohci - ok
20:17:27.0399 2228 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:17:27.0414 2228 usbprint - ok
20:17:27.0445 2228 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:17:27.0477 2228 usbscan - ok
20:17:27.0508 2228 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:17:27.0539 2228 USBSTOR - ok
20:17:27.0601 2228 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:17:27.0633 2228 usbuhci - ok
20:17:27.0648 2228 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:17:27.0679 2228 UxSms - ok
20:17:27.0695 2228 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:17:27.0757 2228 VaultSvc - ok
20:17:27.0789 2228 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:17:27.0804 2228 vdrvroot - ok
20:17:27.0851 2228 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:17:27.0882 2228 vds - ok
20:17:27.0898 2228 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:17:27.0913 2228 vga - ok
20:17:27.0913 2228 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:17:27.0960 2228 VgaSave - ok
20:17:27.0976 2228 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:17:28.0023 2228 vhdmp - ok
20:17:28.0054 2228 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:17:28.0069 2228 viaagp - ok
20:17:28.0085 2228 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:17:28.0116 2228 ViaC7 - ok
20:17:28.0147 2228 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:17:28.0163 2228 viaide - ok
20:17:28.0194 2228 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:17:28.0210 2228 volmgr - ok
20:17:28.0257 2228 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:17:28.0272 2228 volmgrx - ok
20:17:28.0303 2228 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:17:28.0319 2228 volsnap - ok
20:17:28.0335 2228 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:17:28.0350 2228 vsmraid - ok
20:17:28.0413 2228 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:17:28.0444 2228 VSS - ok
20:17:28.0475 2228 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:17:28.0506 2228 vwifibus - ok
20:17:28.0537 2228 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:17:28.0584 2228 W32Time - ok
20:17:28.0600 2228 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:17:28.0631 2228 WacomPen - ok
20:17:28.0678 2228 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:17:28.0771 2228 WANARP - ok
20:17:28.0787 2228 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:17:28.0881 2228 Wanarpv6 - ok
20:17:28.0912 2228 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:17:28.0959 2228 wbengine - ok
20:17:28.0974 2228 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:17:29.0005 2228 WbioSrvc - ok
20:17:29.0052 2228 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:17:29.0068 2228 wcncsvc - ok
20:17:29.0083 2228 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:17:29.0130 2228 WcsPlugInService - ok
20:17:29.0146 2228 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:17:29.0161 2228 Wd - ok
20:17:29.0177 2228 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:17:29.0193 2228 Wdf01000 - ok
20:17:29.0208 2228 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:17:29.0239 2228 WdiServiceHost - ok
20:17:29.0239 2228 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:17:29.0255 2228 WdiSystemHost - ok
20:17:29.0302 2228 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:17:29.0333 2228 WebClient - ok
20:17:29.0364 2228 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:17:29.0411 2228 Wecsvc - ok
20:17:29.0411 2228 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:17:29.0458 2228 wercplsupport - ok
20:17:29.0489 2228 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:17:29.0520 2228 WerSvc - ok
20:17:29.0536 2228 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:17:29.0567 2228 WfpLwf - ok
20:17:29.0583 2228 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:17:29.0598 2228 WIMMount - ok
20:17:29.0676 2228 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:17:29.0707 2228 WinDefend - ok
20:17:29.0723 2228 WinHttpAutoProxySvc - ok
20:17:29.0801 2228 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:17:29.0817 2228 Winmgmt - ok
20:17:29.0879 2228 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:17:29.0957 2228 WinRM - ok
20:17:30.0004 2228 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:17:30.0035 2228 WinUsb - ok
20:17:30.0082 2228 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:17:30.0113 2228 Wlansvc - ok
20:17:30.0175 2228 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:17:30.0191 2228 wlcrasvc - ok
20:17:30.0238 2228 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:17:30.0269 2228 wlidsvc - ok
20:17:30.0300 2228 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:17:30.0331 2228 WmiAcpi - ok
20:17:30.0378 2228 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:17:30.0409 2228 wmiApSrv - ok
20:17:30.0456 2228 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:17:30.0503 2228 WMPNetworkSvc - ok
20:17:30.0519 2228 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:17:30.0534 2228 WPCSvc - ok
20:17:30.0581 2228 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:17:30.0643 2228 WPDBusEnum - ok
20:17:30.0675 2228 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:17:30.0721 2228 ws2ifsl - ok
20:17:30.0753 2228 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
20:17:30.0784 2228 wscsvc - ok
20:17:30.0799 2228 WSearch - ok
20:17:30.0846 2228 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:17:30.0893 2228 wuauserv - ok
20:17:30.0924 2228 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:17:31.0033 2228 WudfPf - ok
20:17:31.0080 2228 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:17:31.0174 2228 WUDFRd - ok
20:17:31.0205 2228 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:17:31.0283 2228 wudfsvc - ok
20:17:31.0314 2228 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:17:31.0345 2228 WwanSvc - ok
20:17:31.0408 2228 [ 8903C6979EA677A9AF3D36E0D3709203 ] {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} C:\Program Files\CyberLink\PowerDVD DX\000.fcl
20:17:31.0408 2228 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
20:17:31.0423 2228 ================ Scan global ===============================
20:17:31.0455 2228 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:17:31.0517 2228 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:17:31.0517 2228 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:17:31.0564 2228 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:17:31.0611 2228 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:17:31.0611 2228 [Global] - ok
20:17:31.0611 2228 ================ Scan MBR ==================================
20:17:31.0626 2228 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:17:31.0907 2228 \Device\Harddisk0\DR0 - ok
20:17:31.0907 2228 ================ Scan VBR ==================================
20:17:31.0938 2228 [ 8B98CE8D400A01AB6D51F6FF0589EE85 ] \Device\Harddisk0\DR0\Partition1
20:17:31.0938 2228 \Device\Harddisk0\DR0\Partition1 - ok
20:17:31.0938 2228 [ D33FCA6406B950993EF27860AB5B8BAF ] \Device\Harddisk0\DR0\Partition2
20:17:31.0938 2228 \Device\Harddisk0\DR0\Partition2 - ok
20:17:31.0938 2228 ============================================================
20:17:31.0938 2228 Scan finished
20:17:31.0938 2228 ============================================================
20:17:31.0938 3180 Detected object count: 4
20:17:31.0938 3180 Actual detected object count: 4
20:18:10.0455 3180 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:10.0455 3180 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:10.0455 3180 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:10.0455 3180 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:10.0455 3180 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:10.0455 3180 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:18:10.0455 3180 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:18:10.0455 3180 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

******************************************************************************

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dave :: HOME-PC [administrator]

9/20/2012 8:24:30 PM
mbam-log-2012-09-20 (20-24-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245993
Time elapsed: 10 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

******************************************************************************

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/09/2012 11:42:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/09/2012 3:41:45 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 21/09/2012 3:41:45 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 21/09/2012 3:40:16 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:40:16 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:40:15 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:40:15 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:40:15 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 21/09/2012 3:40:15 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 21/09/2012 3:40:04 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:40:04 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:40:04 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 21/09/2012 3:38:46 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:38:46 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/09/2012 3:38:46 AM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/09/2012 3:39:55 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name time.windows.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/09/2012 3:39:31 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA.

******************************************************************************

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/09/2012 11:44:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/09/2012 3:41:17 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/09/2012 3:38:46 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3773537772-299500091-2391472651-1000_Classes:
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000_CLASSES


Log: 'Application' Date/Time: 21/09/2012 3:38:45 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 27 user registry handles leaked from \Registry\User\S-1-5-21-3773537772-299500091-2391472651-1000:
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\SystemCertificates\My
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Internet Explorer\IETld
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\SystemCertificates\CA
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\SystemCertificates\trust
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Internet Explorer\Main
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Policies
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6060 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Microsoft\SystemCertificates\Root
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Policies\Microsoft\SystemCertificates
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Policies\Microsoft\SystemCertificates
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Policies\Microsoft\SystemCertificates
Process 2408 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3773537772-299500091-2391472651-1000\Software\Policies\Microsoft\SystemCertificates


******************************************************************************

OTL logfile created on: 9/20/2012 11:45:44 PM - Run 2
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Dave\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.32% Memory free
5.99 Gb Paging File | 4.58 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 142.69 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.02 Gb Free Space | 33.45% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 01:16:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2012/09/07 17:26:13 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/15 05:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 05:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/25 20:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 15:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/05/05 16:51:00 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010/05/05 16:46:12 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe
PRC - [2007/10/29 16:33:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/08/23 15:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/04/17 15:22:22 | 000,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlcccoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/18 12:42:23 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2007/08/23 15:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe


========== Services (SafeList) ==========

SRV - [2012/09/07 17:26:14 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 11:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/19 02:53:45 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/27 01:07:58 | 004,060,752 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/06/13 16:13:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/05/06 05:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/06/11 10:25:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/14 14:25:22 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/12/14 14:25:20 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/12/14 14:25:12 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dave\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/18 13:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/18 12:42:24 | 001,227,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2010/05/05 18:36:12 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/05/05 18:36:04 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/05/05 18:35:56 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/05/05 18:35:48 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/05/05 18:31:40 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/05/05 18:31:24 | 000,528,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/05/05 18:31:14 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/05/05 18:27:08 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2010/05/05 18:27:08 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/05/05 18:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2010/05/05 18:26:58 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/05/05 18:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2010/05/05 18:26:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/03/18 05:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 05:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 05:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 05:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/03/18 05:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2010/03/16 23:00:11 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/16 23:00:11 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2008/11/07 17:15:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/10/29 16:44:12 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2007/08/23 18:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\datunidr.sys -- (datunidr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?fr=yfp-t-403
IE - HKCU\..\SearchScopes,DefaultScope = {C13D584E-7EC8-447A-9AE6-30F9E81A2631}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C13D584E-7EC8-447A-9AE6-30F9E81A2631}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dave\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dave\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/25 17:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/09/20 23:43:06 | 000,000,000 | ---D | M]

[2010/06/13 14:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\Application Data\mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Dave\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/20 20:05:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120623111538.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msni in Computer)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msni in Local intranet)
O15 - HKCU\..Trusted Domains: //@[email protected] ([]msn in Computer)
O15 - HKCU\..Trusted Domains: champions-online.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: digitalchocolate.com ([*.zlane] * in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn...k.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/...me/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CED993FB-9B12-43DA-90A7-47D98F04AFC2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C0B6C9EF-4756-705F-3B36-4F23591A554D} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/20 20:22:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/20 20:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/20 20:09:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/20 20:08:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/20 20:08:56 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\temp
[2012/09/20 19:42:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/20 19:42:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/20 19:42:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/20 19:42:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/20 19:42:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/20 18:24:37 | 000,693,265 | ---- | C] (Farbar) -- C:\Users\Dave\Desktop\FSS.exe
[2012/09/20 18:21:48 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/20 18:16:23 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2012/09/20 18:15:43 | 004,754,465 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
[2012/09/20 17:57:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dave\Desktop\aswMBR.exe
[2012/09/20 02:25:01 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/20 02:03:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/20 02:03:04 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Virus Removal Logs
[2012/09/20 01:16:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/09/16 18:58:14 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Dave\Desktop\TheKiller.exe
[2012/09/16 18:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/11 22:07:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/11 22:07:07 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/11 22:06:53 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/11 22:06:52 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 23:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773537772-299500091-2391472651-1000UA.job
[2012/09/20 23:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/20 23:46:49 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 23:46:49 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 23:44:14 | 000,647,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/20 23:44:14 | 000,116,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/20 23:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/20 23:39:26 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 23:38:56 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2012/09/20 23:38:56 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2012/09/20 23:38:56 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2012/09/20 20:23:09 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 20:05:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/20 19:39:44 | 000,000,512 | ---- | M] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/09/20 18:24:41 | 000,693,265 | ---- | M] (Farbar) -- C:\Users\Dave\Desktop\FSS.exe
[2012/09/20 18:23:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\Dave\Desktop\VEW.exe
[2012/09/20 18:23:18 | 004,009,167 | ---- | M] () -- C:\Users\Dave\Desktop\ServicesRepair.exe
[2012/09/20 18:22:09 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dave\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/20 18:16:23 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2012/09/20 18:15:46 | 004,754,465 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
[2012/09/20 17:57:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dave\Desktop\aswMBR.exe
[2012/09/20 02:24:57 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/20 02:24:54 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/20 02:24:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/20 02:24:53 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/20 02:24:53 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/20 02:24:53 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/20 01:16:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2012/09/20 00:58:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773537772-299500091-2391472651-1000Core.job
[2012/09/20 00:45:45 | 000,000,485 | ---- | M] () -- C:\Users\Dave\Desktop\Administrative Tools - Shortcut.lnk
[2012/09/16 18:58:14 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Dave\Desktop\TheKiller.exe
[2012/09/16 18:20:27 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/07 17:26:13 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/07 17:26:13 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/22 13:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/22 13:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 20:23:09 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 19:42:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/20 19:42:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/20 19:42:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/20 19:42:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/20 19:42:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/20 19:39:44 | 000,000,512 | ---- | C] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/09/20 18:23:39 | 000,061,440 | ---- | C] ( ) -- C:\Users\Dave\Desktop\VEW.exe
[2012/09/20 18:23:15 | 004,009,167 | ---- | C] () -- C:\Users\Dave\Desktop\ServicesRepair.exe
[2012/09/20 00:45:45 | 000,000,485 | ---- | C] () -- C:\Users\Dave\Desktop\Administrative Tools - Shortcut.lnk
[2012/09/16 18:20:27 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/07 20:14:07 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/12/10 23:23:09 | 000,002,216 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011/05/21 01:43:48 | 002,928,640 | ---- | C] () -- C:\Windows\System32\CrypticError.exe
[2011/03/07 20:12:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/10 20:47:06 | 000,000,092 | ---- | C] () -- C:\Users\Dave\AppData\Local\fusioncache.dat
[2010/05/12 00:06:51 | 004,629,082 | ---- | C] () -- C:\Users\Dave\ac_desktops.zip

========== ZeroAccess Check ==========

[2011/07/18 00:01:16 | 000,000,576 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\home-pc$@mcafee[1].txt
[2011/04/08 06:36:30 | 000,000,506 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-75A7B0
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: TEAC USB HS-CF Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: TEAC USB HS-xD/SM USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: TEAC USB HS-MS Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: TEAC USB HS-SD Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 63.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 66060288
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 16172187648
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2006/09/21 12:02:46 | 000,484,632 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2006/09/21 12:02:46 | 000,484,632 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\System32\nlaapi.dll
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/08 18:38:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/08 18:38:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/08 18:38:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/08 18:38:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/08 18:38:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/08 18:38:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

******************************************************************************

OTL Extras logfile created on: 9/20/2012 11:45:44 PM - Run 2
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Dave\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.32% Memory free
5.99 Gb Paging File | 4.58 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 142.69 Gb Free Space | 31.66% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.02 Gb Free Space | 33.45% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD88B6A-9742-44BB-A4E1-5325D20A4E96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0FADDEE0-72F3-450F-A49F-94B39C598266}" = lport=445 | protocol=6 | dir=in | app=system |
"{3981505B-8838-4ACC-B79F-E3C9D24D7B38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42AE22F8-A131-4E89-9818-712D7D069FAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4667FB4C-BE9A-43F8-B5C4-C000AA9FAA9E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{50632076-4FEF-4E46-BE51-5D5C73023AB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50C54C4B-72CA-4BEF-AF3A-DB370819546C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F689167-F155-4BD3-BC0D-C63C35327538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66C6BC07-7BC7-42C1-98CC-F6541ED206D0}" = lport=65125 | protocol=6 | dir=in | name=akamai netsession interface |
"{6C296132-5113-43BB-ACD5-61A1F608E97F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C583E98-B1DB-424C-8987-767DA62955C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{819DABC7-B340-461C-ADC5-3914E4C7E8DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{85164E91-DF04-4A48-B93C-B1ED602BB382}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CC93871-7104-4266-9100-1A3147DD9B36}" = rport=139 | protocol=6 | dir=out | app=system |
"{9280907C-A021-40A4-93CA-B0038D8FFEB6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3D5A68B-F7EE-4D88-B333-E161BA73A205}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4266BAD-89B6-4C0C-85AC-8A0E52F2A770}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4928E6D-B829-4B45-995D-5AAF52A0638B}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB07EA14-F9E2-409E-8F24-A2BE9F6AFB2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF632B3F-6D5B-4835-9A05-4E945A70ED73}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFAB2ACC-BFCB-4894-8FFB-435B82333826}" = rport=138 | protocol=17 | dir=out | app=system |
"{DCADC4A7-83E0-4B03-9C01-5B64A4FDB6B9}" = lport=138 | protocol=17 | dir=in | app=system |
"{E0BFD495-ADDA-4F4F-9517-F84B7BC46A2E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E2A89691-D2A0-4EB1-8319-592B88C1E901}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE634AE0-AFC2-4046-BB7F-EB82957E2E57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3C23713-4AC3-485F-B9B0-BA05787CA956}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD2D1D39-2FDA-4D22-8F4D-675209335133}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DFCB6D-032D-4EFE-AAF8-6A694FA6F594}" = protocol=6 | dir=in | app=c:\program files\funcom\the secret world\clientpatcher.exe |
"{0A0BF1BE-E54A-4F7D-AD37-0B43DB4E8AC6}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{0AA19158-A740-42A2-BD48-3155F7115AEA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\run_game.bat |
"{0FFA2F9F-232A-4DEA-895F-8E50ACC7B683}" = protocol=17 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe |
"{11E08267-C8EE-4A64-B524-99FEDBBC8BAD}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{16902AD7-8C55-400D-BA3F-14E989B8A8F4}" = protocol=17 | dir=in | app=c:\program files\funcom\the secret world\clientpatcher.exe |
"{16C9E287-7C61-4575-A6A2-DE960DA68742}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{177C5A96-97F4-4EBC-8AF3-443A78E996B2}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{17B01CEC-E567-4CB8-8919-57D8D7D92838}" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"{1D18CA41-0330-4344-A002-8E344F4F49EB}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{26804B56-6781-4E01-BD77-043D8191242D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{278A5631-FB8D-4B27-9FF5-E04F960BD5F1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{2809821A-4AB2-4653-BFF0-3AD5C605A8EF}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{286C8CB3-33C0-476E-B046-20B746BE94D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{287A303A-3132-49B5-AC1B-4E99D0595E05}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{30105A21-53FC-4AEF-A9AE-81290D9BD0C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3154156B-0BEB-49E1-BC20-D55A96CE2488}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{322ED2DE-B225-4497-9954-A1CD0A1905A6}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{33D3C5B3-1C57-48A3-81CA-EF2B4A4F14EA}" = protocol=17 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{3517441C-69DC-4445-A293-1DB972376257}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{360283ED-CA24-4D4B-89F7-1092E0BFF57E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{3ABDDCA4-27F7-4A2E-8F74-C975975CE1E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C5810DB-F6C4-4596-B7FE-ABFF220E540D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3CF49F5E-6BB9-42C0-85E2-02A740AF3563}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{3D401E13-66DE-4945-910E-22FCE2C2193E}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{4310E855-AA3C-43D8-BDC8-401461593916}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{43576D09-2E63-4595-84FF-1AB6E470EC24}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{4489620D-F46A-4D48-978D-C4D64148D7A1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{488BA701-3B68-4912-8993-AE383F86E09B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{48C37BF2-250C-4F6E-B67F-F4C89547DDA1}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{4ACAA9FF-CEAF-4125-9AE6-502CE9D96CAD}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{4C30ABD7-6EF7-4CFD-A659-083AA0873312}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4E31CDC0-0608-4630-BDEC-F935D9675AF1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4F57DF63-BE8C-445E-A386-22418559B012}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{593BC28A-13F9-4D5C-B099-A6D6684CA0D0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{5B6003C1-D124-40C4-97FA-DA0D260759E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62D2B39D-E200-4EED-818D-16032782209C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{653343A8-21DA-416D-9B9E-02F45AB23432}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{668EFE44-B677-4F41-9C32-15353D0E27DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68572A85-ACE2-49AA-B774-B54517CAC226}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6A38FEEB-E8FE-40B6-9FB4-26B4101D660A}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{6BE82F47-C252-4AB6-B06F-36ED55DFC85B}" = protocol=6 | dir=out | app=system |
"{6E7BA66D-7709-4971-9D23-4533E9EAD714}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{7267A04D-FBE9-4440-B174-1BA41FD73177}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{72E77F96-8256-46EC-9911-8D5094B7265A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{7522C754-CF27-481A-9AA5-F01C8EF6377E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7B6FA4AA-A0EA-46A7-A8D1-F303C90F1627}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{7EB862A4-C09E-47EF-B3A4-F542535DDF7B}" = protocol=17 | dir=in | app=c:\program files\360share pro\jre\bin\javaw.exe |
"{7FB7CB0B-83AA-4BBC-97CF-7F3EC9A51AE4}" = protocol=6 | dir=in | app=c:\program files\360share pro\jre\bin\javaw.exe |
"{80AC110C-7F3E-4FA7-92F9-4A693C90BAA6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8465F80F-CE36-478A-9AD1-41D91D82D5D2}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{86E076A0-7E35-4A13-B927-FA51B0C325A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87AA0326-3451-4EB6-BD2E-1195BFA72C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{884213A1-FC69-4F54-9AAC-BAC77947EA42}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{88E57771-9479-4B9C-AD35-877649A56F12}" = protocol=6 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe |
"{89526AD7-3145-49AD-BB2C-8DBB898972EF}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{8C909A51-B9BE-4BB7-A95A-03D32FA514D2}" = protocol=17 | dir=in | app=c:\program files\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{96169C6C-39CA-4E98-8A53-421DE48A824C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{96A27900-F4E6-4495-9C86-245C6CD78887}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{96FD1C0C-B67E-48B3-B4C5-F61C7C7A9985}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{98BDC49A-D389-4B09-AE81-860A82D18DDB}" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"{992F46B6-612E-42F0-9A3C-2FF2C790920D}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{9DCD8E69-2ACB-4583-B316-F6AF898BF753}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{9DE96EC8-7681-4A4D-BA32-59BFCA7CDB20}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{A0BDED0B-258C-43E6-8EC1-7A85AE31EA7A}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{A1F11EF1-FF08-4529-8B82-E8483EC82485}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A90113E8-8D59-491B-AB57-677C2EBD8DEC}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{AAC3740A-4C45-47B4-81EC-E4171189FE5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB5708A4-879F-46DA-9633-9ADAEAFE0AD3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE9236F7-DD51-4130-8582-C06D48EE0CB5}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B020C7A9-2D5B-49A5-BCFD-0AC542958059}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{B427A92E-837F-4447-948C-BFEC8854F933}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{B65EFB46-7A2C-490B-A899-E093A5263290}" = protocol=17 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{B68706D5-524B-4A2B-ADE6-DDDCCCC7962F}" = protocol=6 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{B6C7BE78-54BF-4B89-80D5-83B69B5FEDC7}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B83C6755-B1A3-417C-9CC6-F8BB645CEF9F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cloudberry test\run_game.bat |
"{BC411FE8-C521-4F06-B974-7FD5A822E99D}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{BCDA93D5-F743-42D3-A862-A1049C4C6FBB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C090A438-0324-41DE-971E-7D88EA2B8A5B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4C22A52-4C1F-4E58-889B-9877A62FED10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4FBB289-11AB-41B9-BE56-48FA1D7E05BD}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{C59CC7C7-2E71-4635-B8F1-7E73A373186C}" = protocol=6 | dir=in | app=c:\program files\dragon age origins character creator\daoriginslauncher.exe |
"{CFD8D6A6-C7F5-4E66-87D5-CCF9796B020B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D4275721-827C-4F24-AAD4-72C78E16793C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7B4AA8D-DF79-4AD6-8474-B1D4034D07E4}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{D90FF956-F1C9-4EC3-87A3-EAE0B976D695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA8BE7CA-6EEA-432E-81D8-8B8FD8BE00DB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DAA6A162-4DCC-4B66-99B2-F4FF3D7E1BDA}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{DAF1E9B5-835D-4B35-BE7F-9D9366CE6713}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DB85004F-943F-4222-9D68-99168A6496D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC465A94-8D84-4853-825B-8FE23400D219}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DCC7694C-B564-4F57-8AC4-5D3CAEDCAB04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DF4B558E-935E-499F-A126-39AF7F134C0E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DF950D19-3B54-4712-B98E-9A35DFC7023C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E01675CB-C6B6-4EF7-AE07-A1C0C109EEE1}" = protocol=6 | dir=in | app=c:\program files\minions of mirth\bin\minionsofmirth.exe |
"{E05002A5-80BE-4085-BC60-B3C0B0D394E0}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{E142C01E-4E33-4144-A766-8393216A2CBD}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{E700DF05-7BE6-49B1-A552-85E5B6788C08}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{ED21E000-A463-49A7-9C5B-19CC1CC26359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEFCF647-CC9A-46A3-9E2C-4B327A8BE172}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F1661FC1-4855-422F-943A-C88AAF1796E5}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F24A7F90-0A40-4B59-9C4C-684D4DDEB00B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F63B1BD5-A327-496A-B7AE-C0C92AB7312B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{F7ADB349-68D4-4F50-BA0D-D1328BB5A124}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FA7807D2-100C-4D71-9B20-4F50552FE03A}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65B23C82-51A5-4ED9-ACE3-BB6029D5A733}" = Garmin City Navigator North America NT 2011.20 Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ - Mines of Moria™ - Live
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudibleManager" = AudibleManager
"AudioCS" = Creative Audio Control Panel
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Champions Online" = Champions Online
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Download Manager" = Download Manager 2.3.10
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"New Lego Star Wars: The Complete Saga: Prima Official eGuide" = New Lego Star Wars: The Complete Saga: Prima Official eGuide
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"PROSetDX" = Intel® PRO Network Connections 12.1.12.4
"RegClean Pro_is1" = RegClean Pro
"SP6" = Logitech SetPoint 6.15
"Star Trek Online" = Star Trek Online
"Steam App 65800" = Dungeon Defenders
"SystemRequirementsLab" = System Requirements Lab
"The Secret World_is1" = The Secret World
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2012 11:41:17 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 10/28/2008 5:34:03 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/20/2012 11:40:04 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 9/20/2012 11:40:04 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 9/20/2012 11:40:15 PM | Computer Name = Home-PC | Source = PNRPSvc | ID = 102
Description =

Error - 9/20/2012 11:40:15 PM | Computer Name = Home-PC | Source = PNRPSvc | ID = 102
Description =

Error - 9/20/2012 11:40:15 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 9/20/2012 11:40:15 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 9/20/2012 11:40:16 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 9/20/2012 11:40:16 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 9/20/2012 11:41:45 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 9/20/2012 11:41:45 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >

******************************************************************************

Farbar Service Scanner Version: 19-09-2012
Ran by Dave (administrator) on 21-09-2012 at 00:19:45
Running from "C:\Users\Dave\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-11 22:07] - [2012-08-22 13:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#6
RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
I don't see any sign of infections now. Combofix did say that your McAfee Firewall was turned off. Did you turn it off? Will it turn on?

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Go into Control Panel, Programs and Features and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 31
JavaFX 2.1.1

Unless you have a real need for Java we recommend that it be removed from your browser:

http://www.geekstogo...ur-web-browser/

Also until you get the MS update tomorrow we recommend you not use Internet Explorer as there is a big security hole in it.


Your VEW is showing a problem which we might be able to fix.

Copy the next 2 lines:

attrib -r -h -s \Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\idstore.sst
del \Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\idstore.sst


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter.

Close the Command Window.

Right click on Computer and select Manage.
- Go to Local Users and Groups -> Users
- Doubleclick UpdatusUser
- Click Member Of tab
- Click Add
- Type Administrators then Check Names
- Click OK, OK
- Start Services.msc
- Scroll down to "NVIDIA Update Service Daemon"
- Click Start.
- If all went well you will see a popup saying: The NVIDIA Update Service Daemon service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.



Then clear the event logs as before:
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Run VEW again and post the logs.

#7
Dalancy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
When I turned off my virus scan to download ComboFix, I also turned off my Firewall, just in case. It is back up and running now.

I cleared the Java cache, removed the old Java versions, and disabled Java in both Chrome and IE.

I ran the Command Prompt lines as you listed them.

When I click on Manage, I can't find the Local Users and Groups. I've stopped at this point until I hear from you, but again, as last night, my bed is calling me and I won't get back to this until after work today.

One additional question...on the gtg home page, there is a program download suggested for the IE security hole (EMET, I believe). Would you recommend this, or should I just wait until the patch you mentioned is coming tomorrow? Would the EMET program be useful to keep running even after the patch?

Thank you very much for the time you're taking to help me. I really appreciate it.

#8
RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
NVIDIA which I suppose makes your video card should have created the UpdatusUser user when it installed its driver. You can look on your PC maker's website and get a new video driver and see if installing it helps (remember to right click and Run As Admin). Alternatively you can go into Services menu and right click on "NVIDIA Update Service Daemon" and select Properties then change the Startup Type: to Disabled and Apply. That should stop the error anyway.

I don't use IE because AdBlock Plus doesn't work with it and I'm too cheap to buy the paid version of Simple Adblock so have never bothered to read up on EMET so can't tell you anything about it. Sorry. They claim EMET and today's patch will work together so if you want to install it feel free.

We are done with the malware removal part of the process so you can start the cleanup process.

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. I used to recommend Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info but I understand it may not work without Java. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently actually makes things worse.

If you are tired of paying money to McAfee, when your subscription expires, consider switching to the free Avast! It's a better anti-virus than McAfee and has some nice features such as the boot-time scan which I've used several times to clean out viruses that nothing else could.

http://www.avast.com...ivirus-download
Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update, it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free tho it won't be the top option.

The free version does not have its own Firewall but the free Online Armor works well with it. http://www.online-ar...n-software.html

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron