Trojan:DOS/Aleuron.L - AV PROGRAMS ACTING ODD [Solved]


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I want you to reset Firefox back to defaults. To do this, I need you to do this:

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo
  • 0


#17
SilasA

    Member

  • Topic Starter
  • 19 posts
Good Day. Another item for your information. I installed another rudimentary 32 bit browser. K-Meleon 1.6.0 runs like a screaming demon and apparently completely trouble-free. Full subscribed bandwidth usage at all times. NO Google redirects at all. This SourceForge "project" browser is doing what IE9, Firefox, and Chrome cannot do at the present with their data feeds choked almost completely off.

I wonder if the difference between the 32 and 64 bit architecture has anything to do with this matter. K-Meleon is set up 'direct connection' (no proxy) and has convinced me no faults are with my net adapter or router and internet service. I had begun to wonder. Send a person a good virus to get him started. Then he'll finish destroying the machine on his own. That's what I have hoped to prevent by coming here.

I had been using FF 15.0.1 browser and when notified to get 16.0.1, I did. Firefox 16.0.1 was the worst nightmare imaginable. It was so unusable I had to do a restore back to a pre-Firefox update to get basic usage back. Freezes, lock-ups, even mouse-clicks were activating nearby buttons and not the one directly pointed at. Some really weird stuff going on.

Other programs ACDSee Photo Mgr and MS Word remain working well on a quick check. Thanks.
  • 0

#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Did you reset Firefox like I asked? When you updated Firefox, did you uninstall the old one first?



gringo
  • 0

#19
SilasA

    Member

  • Topic Starter
  • 19 posts
Sorry. Didn't see your 'Reset Firefox' reply ahead of my last reply. Yes, I did reset Firefox just a few minutes ago and it did not help any. Pages still load at 4~10Kb/s. Strange that K-Meleon works well and IE9/Firefox do not.
  • 0

#20
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I want you to uninstall Firefox, and if asked about user data or settings then remove that also.

Restart the computer and reinstall Firefox from here - https://www.mozilla....US/firefox/new/

If the new version still gives you problems, uninstall that and install the old one from here - http://support.mozil...sion-of-firefox
  • 0

#21
SilasA

    Member

  • Topic Starter
  • 19 posts
No. I did not uninstall the older FF first. Should I try that now? Uninstall Firefox and download and reinstall a completely new installation?
  • 0

#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Yes, I think an add-on messed things up.


gringo
  • 0

#23
SilasA

    Member

  • Topic Starter
  • 19 posts
Uninstalled Firefox with Control Panel and reinstalled FF 16.0.1 and checking it out now.
  • 0

#24
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I will be waiting for it


gringo
  • 0

#25
SilasA

    Member

  • Topic Starter
  • 19 posts
Redirects from Google search results clicks (to livesearchnow, hubpages) still happening with a pure FF 16.0.1 installation running and no add-ons installed. This is odd. The initial search from my entered topic is stable. It's clicking on the search result choices that redirect now.

When trying to download a fresh FF directly from mozilla.org, IE9 first shows a screen saying "no network connectivity" then after a short 3 second delay and no action on my part IE9 did connect and dl the FF install file. Installed OK with no previous data brought forward. It says this and although there are no 'extensions' and 'appearance items', there is a list of other program compatibility 'plug-ins' that always remain as carry-over from previous installs.

And I'm still getting the "Firefox.exe*32" still running beyond a FF exit. Closing FF and then waiting a minute or so to try a restart gets a box saying FF is still running. Task Mgr verifies it is.

Using Google Search "Images" I enter a search topic and hit enter. Google does not respond until I mouse-click the blue Google search button. It historically has been an instant response and nearly instant results loading. After a 30 second delay the Google page instantly shows the first page (16 pictures). From page 2 on the pics load extremely slowly, about one pic per second although the gray pic boxes are already onscreen with the pic file info text info already shown for the individual pics on a mouse hover. The pics continue to load with only a 4-10Kb/s intermittent incoming net throughput. Net connectivity is degraded through these browsers, FF and IE9, and yet seems fine on a larger download or some other task not relating to page loading. I wish FF or IE9 worked as well as the featureless K-Meleon seems to work.

I've never seen such system degradation before and I've never had such a damaging virus before either. I've possibly done serious irreversible OS damage with my efforts against this malady. I've hesitated to make system changes I'm not comfortable with. I do not delete files until I've researched the file's purpose and I'm convinced it should not be. The call of my Win7 install disk is getting louder. Again. Thanks. Just lemme know when you're ready to give it up. No harm, no foul.
  • 0


#26
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#27
SilasA

    Member

  • Topic Starter
  • 19 posts
Log files as requested:

02:32:31.0504 7916 LSI_SCSI - ok
02:32:31.0544 7916 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:32:31.0548 7916 luafv - ok
02:32:31.0644 7916 [ FBD57A7C443C85CC6C6169493A020FDF ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
02:32:31.0652 7916 McciCMService64 - ok
02:32:31.0696 7916 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:32:31.0702 7916 Mcx2Svc - ok
02:32:31.0724 7916 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:32:31.0727 7916 megasas - ok
02:32:31.0747 7916 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:32:31.0754 7916 MegaSR - ok
02:32:31.0787 7916 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:32:31.0792 7916 MMCSS - ok
02:32:31.0808 7916 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:32:31.0809 7916 Modem - ok
02:32:31.0844 7916 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:32:31.0846 7916 monitor - ok
02:32:31.0887 7916 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:32:31.0889 7916 mouclass - ok
02:32:31.0928 7916 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:32:31.0931 7916 mouhid - ok
02:32:31.0974 7916 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:32:31.0976 7916 mountmgr - ok
02:32:32.0047 7916 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:32:32.0048 7916 MozillaMaintenance - ok
02:32:32.0127 7916 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
02:32:32.0133 7916 MpFilter - ok
02:32:32.0162 7916 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:32:32.0167 7916 mpio - ok
02:32:32.0183 7916 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:32:32.0189 7916 mpsdrv - ok
02:32:32.0254 7916 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:32:32.0281 7916 MpsSvc - ok
02:32:32.0287 7916 MREMP50 - ok
02:32:32.0313 7916 MREMP50a64 - ok
02:32:32.0324 7916 MREMPR5 - ok
02:32:32.0336 7916 MRENDIS5 - ok
02:32:32.0346 7916 MRESP50 - ok
02:32:32.0356 7916 MRESP50a64 - ok
02:32:32.0388 7916 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:32:32.0393 7916 MRxDAV - ok
02:32:32.0417 7916 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:32:32.0422 7916 mrxsmb - ok
02:32:32.0473 7916 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:32:32.0489 7916 mrxsmb10 - ok
02:32:32.0534 7916 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:32:32.0538 7916 mrxsmb20 - ok
02:32:32.0578 7916 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:32:32.0579 7916 msahci - ok
02:32:32.0612 7916 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:32:32.0617 7916 msdsm - ok
02:32:32.0642 7916 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:32:32.0649 7916 MSDTC - ok
02:32:32.0718 7916 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:32:32.0722 7916 Msfs - ok
02:32:32.0743 7916 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:32:32.0746 7916 mshidkmdf - ok
02:32:32.0782 7916 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:32:32.0784 7916 msisadrv - ok
02:32:32.0826 7916 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:32:32.0833 7916 MSiSCSI - ok
02:32:32.0843 7916 msiserver - ok
02:32:32.0891 7916 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:32:32.0893 7916 MSKSSRV - ok
02:32:32.0961 7916 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
02:32:32.0961 7916 MsMpSvc - ok
02:32:32.0993 7916 MSMQSVC - ok
02:32:33.0021 7916 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:32:33.0022 7916 MSPCLOCK - ok
02:32:33.0031 7916 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:32:33.0032 7916 MSPQM - ok
02:32:33.0082 7916 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:32:33.0092 7916 MsRPC - ok
02:32:33.0142 7916 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:32:33.0143 7916 mssmbios - ok
02:32:33.0153 7916 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:32:33.0158 7916 MSTEE - ok
02:32:33.0168 7916 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:32:33.0172 7916 MTConfig - ok
02:32:33.0221 7916 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
02:32:33.0222 7916 MTsensor - ok
02:32:33.0241 7916 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:32:33.0244 7916 Mup - ok
02:32:33.0307 7916 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:32:33.0321 7916 napagent - ok
02:32:33.0379 7916 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:32:33.0387 7916 NativeWifiP - ok
02:32:33.0438 7916 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:32:33.0473 7916 NDIS - ok
02:32:33.0492 7916 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:32:33.0494 7916 NdisCap - ok
02:32:33.0538 7916 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:32:33.0541 7916 NdisTapi - ok
02:32:33.0584 7916 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:32:33.0587 7916 Ndisuio - ok
02:32:33.0628 7916 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:32:33.0633 7916 NdisWan - ok
02:32:33.0672 7916 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:32:33.0674 7916 NDProxy - ok
02:32:33.0693 7916 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:32:33.0696 7916 NetBIOS - ok
02:32:33.0754 7916 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:32:33.0761 7916 NetBT - ok
02:32:33.0774 7916 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:32:33.0777 7916 Netlogon - ok
02:32:33.0811 7916 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:32:33.0828 7916 Netman - ok
02:32:33.0853 7916 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:32:33.0866 7916 netprofm - ok
02:32:33.0891 7916 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:32:33.0896 7916 NetTcpPortSharing - ok
02:32:33.0916 7916 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:32:33.0918 7916 nfrd960 - ok
02:32:33.0988 7916 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:32:33.0992 7916 NisDrv - ok
02:32:34.0034 7916 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
02:32:34.0042 7916 NisSrv - ok
02:32:34.0088 7916 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:32:34.0098 7916 NlaSvc - ok
02:32:34.0112 7916 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:32:34.0116 7916 Npfs - ok
02:32:34.0146 7916 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:32:34.0149 7916 nsi - ok
02:32:34.0164 7916 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:32:34.0166 7916 nsiproxy - ok
02:32:34.0266 7916 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:32:34.0318 7916 Ntfs - ok
02:32:34.0400 7916 nTuneService - ok
02:32:34.0438 7916 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
02:32:34.0441 7916 NuidFltr - ok
02:32:34.0463 7916 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:32:34.0466 7916 Null - ok
02:32:34.0502 7916 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
02:32:34.0507 7916 NVHDA - ok
02:32:35.0158 7916 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:32:35.0540 7916 nvlddmkm - ok
02:32:35.0635 7916 [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64 C:\Windows\system32\DRIVERS\nvoclk64.sys
02:32:35.0637 7916 nvoclk64 - ok
02:32:35.0677 7916 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:32:35.0682 7916 nvraid - ok
02:32:35.0701 7916 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:32:35.0706 7916 nvstor - ok
02:32:35.0760 7916 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
02:32:35.0782 7916 nvsvc - ok
02:32:35.0890 7916 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:32:35.0958 7916 nvUpdatusService - ok
02:32:35.0998 7916 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:32:36.0002 7916 nv_agp - ok
02:32:36.0121 7916 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:32:36.0138 7916 odserv - ok
02:32:36.0165 7916 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:32:36.0167 7916 ohci1394 - ok
02:32:36.0201 7916 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:32:36.0206 7916 ose - ok
02:32:36.0242 7916 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:32:36.0260 7916 p2pimsvc - ok
02:32:36.0285 7916 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:32:36.0302 7916 p2psvc - ok
02:32:36.0331 7916 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:32:36.0335 7916 Parport - ok
02:32:36.0382 7916 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:32:36.0386 7916 partmgr - ok
02:32:36.0401 7916 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:32:36.0408 7916 PcaSvc - ok
02:32:36.0453 7916 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:32:36.0458 7916 pci - ok
02:32:36.0498 7916 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:32:36.0501 7916 pciide - ok
02:32:36.0530 7916 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:32:36.0536 7916 pcmcia - ok
02:32:36.0578 7916 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:32:36.0581 7916 pcw - ok
02:32:36.0611 7916 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:32:36.0626 7916 PEAUTH - ok
02:32:36.0687 7916 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
02:32:36.0731 7916 PeerDistSvc - ok
02:32:36.0813 7916 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:32:36.0817 7916 PerfHost - ok
02:32:36.0905 7916 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:32:36.0948 7916 pla - ok
02:32:37.0033 7916 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:32:37.0050 7916 PlugPlay - ok
02:32:37.0072 7916 PnkBstrA - ok
02:32:37.0085 7916 PnkBstrB - ok
02:32:37.0113 7916 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:32:37.0118 7916 PNRPAutoReg - ok
02:32:37.0141 7916 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:32:37.0148 7916 PNRPsvc - ok
02:32:37.0186 7916 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
02:32:37.0188 7916 Point64 - ok
02:32:37.0238 7916 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:32:37.0251 7916 PolicyAgent - ok
02:32:37.0287 7916 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:32:37.0295 7916 Power - ok
02:32:37.0331 7916 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:32:37.0335 7916 PptpMiniport - ok
02:32:37.0355 7916 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:32:37.0358 7916 Processor - ok
02:32:37.0388 7916 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
02:32:37.0397 7916 ProfSvc - ok
02:32:37.0415 7916 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:32:37.0417 7916 ProtectedStorage - ok
02:32:37.0457 7916 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:32:37.0460 7916 Psched - ok
02:32:37.0522 7916 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:32:37.0575 7916 ql2300 - ok
02:32:37.0598 7916 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:32:37.0602 7916 ql40xx - ok
02:32:37.0637 7916 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:32:37.0655 7916 QWAVE - ok
02:32:37.0676 7916 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:32:37.0680 7916 QWAVEdrv - ok
02:32:37.0698 7916 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:32:37.0700 7916 RasAcd - ok
02:32:37.0727 7916 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:32:37.0730 7916 RasAgileVpn - ok
02:32:37.0750 7916 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:32:37.0757 7916 RasAuto - ok
02:32:37.0808 7916 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:32:37.0812 7916 Rasl2tp - ok
02:32:37.0840 7916 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:32:37.0851 7916 RasMan - ok
02:32:37.0872 7916 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:32:37.0876 7916 RasPppoe - ok
02:32:37.0893 7916 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:32:37.0897 7916 RasSstp - ok
02:32:37.0948 7916 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:32:37.0965 7916 rdbss - ok
02:32:38.0013 7916 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:32:38.0016 7916 rdpbus - ok
02:32:38.0028 7916 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:32:38.0028 7916 RDPCDD - ok
02:32:38.0083 7916 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
02:32:38.0090 7916 RDPDR - ok
02:32:38.0103 7916 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:32:38.0105 7916 RDPENCDD - ok
02:32:38.0123 7916 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:32:38.0125 7916 RDPREFMP - ok
02:32:38.0170 7916 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
02:32:38.0173 7916 RdpVideoMiniport - ok
02:32:38.0227 7916 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:32:38.0235 7916 RDPWD - ok
02:32:38.0281 7916 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:32:38.0287 7916 rdyboost - ok
02:32:38.0312 7916 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:32:38.0318 7916 RemoteAccess - ok
02:32:38.0350 7916 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:32:38.0358 7916 RemoteRegistry - ok
02:32:38.0415 7916 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
02:32:38.0421 7916 RFCOMM - ok
02:32:38.0455 7916 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
02:32:38.0457 7916 rimmptsk - ok
02:32:38.0501 7916 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
02:32:38.0505 7916 rimsptsk - ok
02:32:38.0523 7916 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
02:32:38.0527 7916 rismxdp - ok
02:32:38.0545 7916 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:32:38.0550 7916 RpcEptMapper - ok
02:32:38.0573 7916 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:32:38.0577 7916 RpcLocator - ok
02:32:38.0632 7916 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
02:32:38.0642 7916 RpcSs - ok
02:32:38.0672 7916 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:32:38.0676 7916 rspndr - ok
02:32:38.0716 7916 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
02:32:38.0725 7916 RTL8167 - ok
02:32:38.0753 7916 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
02:32:38.0756 7916 s3cap - ok
02:32:38.0772 7916 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:32:38.0775 7916 SamSs - ok
02:32:38.0803 7916 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:32:38.0808 7916 sbp2port - ok
02:32:38.0840 7916 SBRE - ok
02:32:38.0878 7916 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:32:38.0887 7916 SCardSvr - ok
02:32:38.0922 7916 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:32:38.0925 7916 scfilter - ok
02:32:38.0998 7916 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:32:39.0060 7916 Schedule - ok
02:32:39.0098 7916 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:32:39.0100 7916 SCPolicySvc - ok
02:32:39.0156 7916 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
02:32:39.0160 7916 sdbus - ok
02:32:39.0207 7916 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:32:39.0216 7916 SDRSVC - ok
02:32:39.0267 7916 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:32:39.0268 7916 secdrv - ok
02:32:39.0286 7916 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:32:39.0292 7916 seclogon - ok
02:32:39.0310 7916 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
02:32:39.0316 7916 SENS - ok
02:32:39.0336 7916 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:32:39.0342 7916 SensrSvc - ok
02:32:39.0360 7916 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:32:39.0362 7916 Serenum - ok
02:32:39.0390 7916 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:32:39.0395 7916 Serial - ok
02:32:39.0430 7916 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:32:39.0432 7916 sermouse - ok
02:32:39.0487 7916 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:32:39.0495 7916 SessionEnv - ok
02:32:39.0542 7916 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:32:39.0545 7916 sffdisk - ok
02:32:39.0565 7916 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:32:39.0567 7916 sffp_mmc - ok
02:32:39.0577 7916 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:32:39.0580 7916 sffp_sd - ok
02:32:39.0621 7916 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:32:39.0623 7916 sfloppy - ok
02:32:39.0896 7916 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:32:39.0913 7916 SharedAccess - ok
02:32:39.0976 7916 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:32:39.0988 7916 ShellHWDetection - ok
02:32:40.0038 7916 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:32:40.0042 7916 SiSRaid2 - ok
02:32:40.0065 7916 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:32:40.0068 7916 SiSRaid4 - ok
02:32:40.0085 7916 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:32:40.0088 7916 Smb - ok
02:32:40.0148 7916 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:32:40.0153 7916 SNMPTRAP - ok
02:32:40.0186 7916 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:32:40.0188 7916 spldr - ok
02:32:40.0282 7916 [ 739DB668DBD812285ECC553E64A5E212 ] spmgr C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
02:32:40.0286 7916 spmgr - ok
02:32:40.0330 7916 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
02:32:40.0355 7916 Spooler - ok
02:32:40.0507 7916 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:32:40.0612 7916 sppsvc - ok
02:32:40.0655 7916 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:32:40.0662 7916 sppuinotify - ok
02:32:40.0740 7916 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
02:32:40.0766 7916 sptd - ok
02:32:40.0823 7916 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:32:40.0850 7916 srv - ok
02:32:40.0901 7916 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:32:40.0918 7916 srv2 - ok
02:32:40.0942 7916 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:32:40.0947 7916 srvnet - ok
02:32:40.0985 7916 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:32:41.0001 7916 SSDPSRV - ok
02:32:41.0020 7916 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:32:41.0026 7916 SstpSvc - ok
02:32:41.0118 7916 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:32:41.0127 7916 Stereo Service - ok
02:32:41.0157 7916 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:32:41.0160 7916 stexstor - ok
02:32:41.0212 7916 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:32:41.0238 7916 stisvc - ok
02:32:41.0266 7916 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
02:32:41.0270 7916 storflt - ok
02:32:41.0307 7916 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
02:32:41.0311 7916 storvsc - ok
02:32:41.0352 7916 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:32:41.0355 7916 swenum - ok
02:32:41.0403 7916 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:32:41.0430 7916 swprv - ok
02:32:41.0456 7916 Synth3dVsc - ok
02:32:41.0496 7916 [ 0FAA1933FBCF916C301FF94ACC623031 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:32:41.0512 7916 SynTP - ok
02:32:41.0606 7916 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:32:41.0666 7916 SysMain - ok
02:32:41.0712 7916 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:32:41.0720 7916 TabletInputService - ok
02:32:41.0770 7916 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:32:41.0782 7916 TapiSrv - ok
02:32:41.0803 7916 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:32:41.0810 7916 TBS - ok
02:32:41.0983 7916 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:32:42.0042 7916 Tcpip - ok
02:32:42.0132 7916 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:32:42.0155 7916 TCPIP6 - ok
02:32:42.0211 7916 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:32:42.0213 7916 tcpipreg - ok
02:32:42.0246 7916 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:32:42.0248 7916 TDPIPE - ok
02:32:42.0286 7916 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:32:42.0288 7916 TDTCP - ok
02:32:42.0331 7916 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:32:42.0335 7916 tdx - ok
02:32:42.0376 7916 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:32:42.0378 7916 TermDD - ok
02:32:42.0441 7916 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:32:42.0467 7916 TermService - ok
02:32:42.0496 7916 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:32:42.0501 7916 Themes - ok
02:32:42.0532 7916 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:32:42.0536 7916 THREADORDER - ok
02:32:42.0552 7916 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:32:42.0560 7916 TrkWks - ok
02:32:42.0597 7916 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:32:42.0602 7916 TrustedInstaller - ok
02:32:42.0647 7916 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:32:42.0648 7916 tssecsrv - ok
02:32:42.0691 7916 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:32:42.0695 7916 TsUsbFlt - ok
02:32:42.0727 7916 tsusbhub - ok
02:32:42.0757 7916 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:32:42.0761 7916 tunnel - ok
02:32:42.0793 7916 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:32:42.0797 7916 uagp35 - ok
02:32:42.0828 7916 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:32:42.0837 7916 udfs - ok
02:32:42.0880 7916 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:32:42.0886 7916 UI0Detect - ok
02:32:42.0933 7916 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:32:42.0947 7916 uliagpkx - ok
02:32:42.0976 7916 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
02:32:42.0978 7916 umbus - ok
02:32:42.0996 7916 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:32:42.0998 7916 UmPass - ok
02:32:43.0043 7916 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
02:32:43.0052 7916 UmRdpService - ok
02:32:43.0117 7916 UpdateCenterService - ok
02:32:43.0157 7916 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:32:43.0168 7916 upnphost - ok
02:32:43.0217 7916 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:32:43.0221 7916 usbccgp - ok
02:32:43.0261 7916 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:32:43.0266 7916 usbcir - ok
02:32:43.0302 7916 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:32:43.0306 7916 usbehci - ok
02:32:43.0345 7916 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:32:46.0823 7916 ================ Scan global ===============================
02:32:46.0875 7916 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:32:46.0920 7916 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
02:32:46.0953 7916 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
02:32:47.0158 7916 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:32:47.0231 7916 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:32:47.0242 7916 [Global] - ok
02:32:47.0243 7916 ================ Scan MBR ==================================
02:32:47.0263 7916 [ B47E6D7DB809BDD6127078C2DDDB6D60 ] \Device\Harddisk0\DR0
02:32:47.0265 7916 Suspicious mbr (Forged): \Device\Harddisk0\DR0
02:32:47.0293 7916 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
02:32:47.0293 7916 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
02:32:47.0296 7916 ================ Scan VBR ==================================
02:32:47.0325 7916 [ DD2941BCF3292F689E9E2635EEA08DE4 ] \Device\Harddisk0\DR0\Partition1
02:32:47.0327 7916 \Device\Harddisk0\DR0\Partition1 - ok
02:32:47.0348 7916 [ BD38DD6970E5F9C1A17CA047C718FDB7 ] \Device\Harddisk0\DR0\Partition2
02:32:47.0351 7916 \Device\Harddisk0\DR0\Partition2 - ok
02:32:47.0352 7916 ============================================================
02:32:47.0352 7916 Scan finished
02:32:47.0352 7916 ============================================================
02:32:47.0381 6708 Detected object count: 1
02:32:47.0381 6708 Actual detected object count: 1
02:33:45.0173 6708 \Device\Harddisk0\DR0\# - copied to quarantine
02:33:45.0311 6708 \Device\Harddisk0\DR0 - copied to quarantine
02:33:49.0248 6708 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
02:33:49.0269 6708 \Device\Harddisk0\DR0 - ok
02:33:49.0292 6708 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
02:34:10.0940 8048 Deinitialize success

(Note: I did a reboot and there is a remarkable return to quick no-delay functionality. Fast searches and pics pouring into Google search results like throwing paint on the PC. Good deal. I'll send this reply and continue checking functionality. Thanks.)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 02:53:47
-----------------------------
02:53:47.274 OS Version: Windows x64 6.1.7601 Service Pack 1
02:53:47.274 Number of processors: 2 586 0xF0D
02:53:47.276 ComputerName: JADA-PC UserName: JADA
02:53:48.064 Initialize success
03:00:21.759 AVAST engine defs: 12101600
03:00:48.864 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:00:48.869 Disk 0 Vendor: ST9200420AS 3.AAA Size: 190782MB BusType: 11
03:00:48.917 Disk 0 MBR read successfully
03:00:48.922 Disk 0 MBR scan
03:00:48.934 Disk 0 Windows 7 default MBR code
03:00:48.940 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10000 MB offset 2048
03:00:48.962 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 95391 MB offset 20482048
03:00:49.026 Disk 0 Partition - 00 0F Extended LBA 85390 MB offset 215842816
03:00:49.052 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 85374 MB offset 215844864
03:00:49.186 Disk 0 scanning C:\Windows\system32\drivers
03:01:13.351 Service scanning
03:02:09.314 Modules scanning
03:02:09.331 Disk 0 trace - called modules:
03:02:09.727 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
03:02:09.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049ba5c0]
03:02:09.747 3 CLASSPNP.SYS[fffff880013bb43f] -> nt!IofCallDriver -> [0xfffffa80047361e0]
03:02:09.765 5 ACPI.sys[fffff88000f557a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800473f060]
03:02:10.655 AVAST engine scan C:\Windows
03:02:17.354 AVAST engine scan C:\Windows\system32
03:10:13.360 AVAST engine scan C:\Windows\system32\drivers
03:10:39.881 AVAST engine scan C:\Users\JADA
03:42:35.470 AVAST engine scan C:\ProgramData
03:44:38.108 Scan finished successfully
03:47:43.451 Disk 0 MBR has been saved successfully to "C:\Users\JADA\Desktop\MBR.dat"
03:47:43.463 The log file has been saved successfully to "C:\Users\JADA\Desktop\aswMBR.txt"

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Amazing!! I'm IMPRESSED!! This is the first time TDSSKiller has been able to load and run. And it seemed to work.

#28
SilasA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
THAT did it! Or, so it seems. It's all back well and as fast as ever. No delays on mouse-clicks. No sign of search redirects. Full net throughput on page loads. Programs still start and work fine. I even still have all the clutter I started with minus a few games. If there were a "Hoarders" show for PCs, I'd win. Apologies to you for that. I suppose it makes reading logs a nightmare. I do wish I knew where it came from and how it got through my AV programs to do so much system degradation unnoticed until too late. Just beware those MBR tsk0000.dta and tsk0001.dta files.

I extend my sincere Thanks to you, Mr. Gringo. Thank you.

#29
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I am happy that it worked, but let's make sure everything was removed and then we will start the cleaning up part.



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#30
SilasA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I haven't seen any problems at all after running TDSSKiller.

I ran CF as requested with the flush java script and here is the Log:

ComboFix 12-10-13.01 - JADA 10/16/2012 12:24:47.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2604 [GMT -4:00]
Running from: c:\users\JADA\Desktop\ComboFix.exe
Command switches used :: c:\users\JADA\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 17:26 . 2012-10-16 17:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-16 17:26 . 2012-10-16 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 06:33 . 2012-10-16 06:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-16 01:48 . 2012-10-16 01:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-15 15:09 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F974E1E0-2075-46CE-B4A2-3037C4666F5C}\mpengine.dll
2012-10-15 04:04 . 2012-10-15 04:04 -------- d-----w- c:\users\JADA\AppData\Local\K-Meleon
2012-10-15 04:04 . 2012-10-15 04:08 -------- d-----w- c:\users\JADA\AppData\Roaming\K-Meleon
2012-10-15 04:03 . 2012-10-15 17:21 -------- d-----w- c:\program files (x86)\K-Meleon
2012-10-14 02:31 . 2012-10-14 02:32 -------- d-----w- c:\program files\CCleaner
2012-10-13 22:22 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-12 23:17 . 2012-10-12 23:17 -------- d-----w- C:\_OTL
2012-10-10 06:01 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-10 06:01 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-10 01:26 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 01:26 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 01:26 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 01:26 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 01:24 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 01:24 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 01:24 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 01:24 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 01:24 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 01:24 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 01:24 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 01:24 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-06 21:59 . 2012-10-12 01:02 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-10-06 17:45 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-10-06 17:34 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-10-06 17:34 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-10-06 17:33 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-10-06 15:52 . 2012-10-06 15:52 -------- d-----w- c:\program files\Windows Journal
2012-10-05 23:57 . 2012-09-27 06:34 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FC18C49-E5C2-407A-8BDF-A36DB1330076}\gapaengine.dll
2012-10-04 14:34 . 2012-10-04 14:34 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-03 21:57 . 2012-10-03 22:07 -------- d-----w- c:\program files (x86)\WhatsRunning
2012-10-03 19:29 . 2012-10-06 08:53 -------- d-----w- c:\programdata\SecTaskMan
2012-10-01 03:00 . 2007-08-01 18:05 77824 ----a-w- c:\windows\SysWow64\xvid.ax
2012-10-01 03:00 . 2007-08-01 18:05 765952 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-10-01 03:00 . 2007-08-01 18:05 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-09-30 08:34 . 2012-09-30 09:34 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 08:34 . 2012-09-30 09:34 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 10:41 . 2012-10-01 03:10 -------- d-----w- C:\CCE_Quarantine
2012-09-28 09:07 . 2012-09-28 09:07 -------- d-----w- c:\users\JADA\AppData\Roaming\Apple Computer
2012-09-28 09:05 . 2012-09-28 09:05 -------- d-----w- c:\users\JADA\AppData\Roaming\LavasoftStatistics
2012-09-28 08:47 . 2012-09-28 09:30 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-09-28 08:19 . 2012-09-28 08:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-28 07:48 . 2012-09-28 07:48 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-27 15:54 . 2012-09-27 17:06 -------- d-----w- C:\sh4ldr
2012-09-27 15:54 . 2012-09-27 15:54 -------- d-----w- c:\program files\Enigma Software Group
2012-09-27 15:52 . 2012-09-27 17:06 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-26 13:05 . 2012-09-26 13:05 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-09-26 12:42 . 2012-10-02 22:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-26 12:42 . 2012-10-02 22:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-26 11:37 . 2012-09-26 11:38 -------- d-----w- c:\programdata\HitmanPro
2012-09-25 08:55 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-25 08:55 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-25 08:55 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-23 11:49 . 2012-09-23 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
2012-09-23 11:49 . 2012-09-23 11:49 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-09-23 11:39 . 2012-09-23 11:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-23 11:38 . 2012-09-23 11:38 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 20:02 . 2012-09-20 20:02 1832760 ----a-w- c:\windows\system32\LogiLDA.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 06:36 . 2011-05-25 05:06 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-10-10 05:36 . 2009-10-14 12:51 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-27 06:34 . 2012-07-03 20:20 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-23 11:38 . 2010-09-03 02:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-01 23:41 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-09-01 23:41 . 2009-08-18 15:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-20 17:38 . 2012-10-10 01:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 18:15 . 2012-08-16 23:23 3148800 ----a-w- c:\windows\system32\win32k.sys
2010-09-14 01:46 . 2010-09-14 01:44 329728 ----a-w- c:\program files (x86)\FLV PlayerFCSetup.exe
2010-09-14 01:44 . 2010-09-14 01:44 11268 ----a-w- c:\program files (x86)\FLV PlayerRCATSetup.exe
2010-09-14 01:44 . 2010-09-14 01:44 12326 ----a-w- c:\program files (x86)\FLV PlayerRCSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2009-03-13 1058816]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\JADA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HControl.exe - Shortcut.lnk - c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe [2009-9-25 174720]
RealTemp.exe - Shortcut.lnk - c:\realtemp\RealTemp_370\RealTemp.exe [2012-2-14 216064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 1025576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-19 136176]
R2 MSMQSVC;Message Queuing Service;c:\windows\system32\mqsv32.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 36392]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 esgiguard;esgiguard;c:\program files\ENIGMA SOFTWARE GROUP\SPYHUNTER\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-19 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-22 834544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2009-03-13 504832]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-06-13 441344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 33358204
*NewlyCreated* - 70304962
*NewlyCreated* - ASWMBR
*Deregistered* - 33358204
*Deregistered* - 70304962
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-19 20:06]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-19 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-31 323072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 8114720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\JADA\AppData\Roaming\Mozilla\Firefox\Profiles\vu7bcib3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-70304962.sys
AddRemove-Gray Matter - d:\program files (x86)\Viva Media\Gray Matter\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DUMeterSvc]
"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jbr"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.jpg"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.kdc"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbr"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.png"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspbrush"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-642983647-4017048948-2325861660-1001)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-642983647-4017048948-2325861660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-16 13:32:03
ComboFix-quarantined-files.txt 2012-10-16 17:32
ComboFix2.txt 2012-10-13 19:52
ComboFix3.txt 2012-10-12 07:53
ComboFix4.txt 2012-09-22 08:36
.
Pre-Run: 13,387,694,080 bytes free
Post-Run: 13,945,876,480 bytes free
.
- - End Of File - - CA96DAD3168DE6FC6494CE6DC3F43018