
Antivirus, Spyware, Security Center BLOCKED, Some webpages don't w


  • This topic is locked

#1
castravete

  • Member
  • 10 posts
I really hope that someone could help me as soon as possible because I have a project to finish by tomorrow afternoon and the computer is almost dead. Even though it was not extremely agile before, it was perfect for doing my work.

Story:
I have received an Allow/Not message from the security center regarding registry modification. After 10 NOT answers, I got frustrated and pressed Yes. Afterwards, Nod32 detected a trojan which couldn't be deleted or anything. After a restart, my security center was disabled, together with the antivirus (which couldn't start), the spyware (which was useless - Spyware Doctor), and the firewall (dead). Anti-virus and anti-spyware related webpages were not accessible (including Microsoft pages and some forums). Chrome can't be started. I have scanned the PC with all types of anti-malware and spyware programs: Spybot, Malwarebytes; I also tried to use Avast (but antiviruses were disabled). On a more recent report of Rogue Killer the following was presented (couldn't delete the threat; it kept appearing for each and every scan).

I have downloaded MGtools, TDSSkiller and HitmanPro.

Report:

RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : teo [Admin rights]
Mode : Scan -- Date : 01/24/2013 17:58:17
| ARK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : RssGqiad (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2549153393-2252973610-2979537789-1000[...]\Run : RssGqiad (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) -> FOUND
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[70] : NtCreateKey @ 0x836599FF -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B76AC)
SSDT[72] : NtCreateKeyTransacted @ 0x8361E719 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7708)
SSDT[182] : NtOpenKey @ 0x8368D704 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7562)
SSDT[183] : NtOpenKeyEx @ 0x836846DF -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B75B2)
SSDT[185] : NtOpenKeyTransacted @ 0x836224D4 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7604)
SSDT[186] : NtOpenKeyTransactedEx @ 0x83622464 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7656)
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 608c619b9814adaff2f3e08b2ce51faa
[BSP] 925107c1c557ad44b98bf20e8890bc66 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 33000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 67585455 | Size: 272234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_S_01242013_02d1758.txt >>
RKreport[1]_S_01242013_02d1756.txt ; RKreport[2]_D_01242013_02d1757.txt ; RKreport[3]_H_01242013_02d1757.txt ; RKreport[4]_PR_01242013_02d1757.txt ; RKreport[5]_DN_01242013_02d1757.txt ;
RKreport[6]_S_01242013_02d1758.txt

I really hope for someone to be able to help me in time ...


Edited by castravete, 24 January 2013 - 12:40 PM.

  • 0
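A triage pass over the RogueKiller report in the post above, as an added example that is not part of the original thread or of RogueKiller itself. It parses the registry, SSDT and IRP entries and orders them the way a responder would read them; the function names, the severity ranking and the "user-writable path" heuristic are assumptions of this example, and the sample lines are an excerpt copied from the report.

```python
import re
from collections import defaultdict, namedtuple

# Excerpt of the RogueKiller report posted above (lines copied from the thread).
REPORT_EXCERPT = r"""
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : RssGqiad (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) -> FOUND
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[70] : NtCreateKey @ 0x836599FF -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B76AC)
SSDT[182] : NtOpenKey @ 0x8368D704 -> HOOKED (\??\C:\Users\teo\AppData\Local\Temp\yetntfsp.sys @ 0xB04B7562)
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\DRIVERS\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x85F201F8)
"""

Finding = namedtuple("Finding", "severity kind detail")
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}  # assumed ranking

# "[TAG][TAG] <key> : <value name> (<data>) -> <status>"
REG_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(\S.*?)\s+:\s+(\S+)\s+\((.*)\)\s+->\s+(\w+)$")
# "SSDT[n] : <syscall> @ <addr> -> HOOKED (<module> @ <addr>)"
SSDT_RE = re.compile(r"^SSDT\[(\d+)\]\s+:\s+(\w+)\s+@\s+0x[0-9A-Fa-f]+\s+->\s+HOOKED"
                     r"\s+\((.+?)\s+@\s+0x[0-9A-Fa-f]+\)$")
# "IRP[<major function>] : <driver> -> HOOKED ([MAJOR] <owner> @ <addr>)"
IRP_RE = re.compile(r"^IRP\[(\w+)\]\s+:\s+(\S+)\s+->\s+HOOKED"
                    r"\s+\((?:\[\w+\]\s+)?(.+?)\s+@\s+0x[0-9A-Fa-f]+\)$")
# Heuristic: locations a standard user can write to, so unusual for drivers or autostarts.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.I)
# [HJ] values from the report and the state that weakens the host.
WEAKENED = {"EnableLUA": "0", "AntiVirusDisableNotify": "1",
            "FirewallDisableNotify": "1", "UpdatesDisableNotify": "1"}


def _registry_findings(tags, key, name, data):
    out = []
    if name.lower() == "userinit":
        # Winlogon starts every comma-separated program in Userinit at logon;
        # anything besides userinit.exe is an added autostart.
        extra = [p.strip() for p in data.split(",")
                 if p.strip() and not p.strip().lower().endswith(r"\system32\userinit.exe")]
        if extra:
            out.append(Finding("high", "winlogon-userinit", ", ".join(extra)))
    elif "[RUN]" in tags and USER_WRITABLE.search(data):
        out.append(Finding("high", "run-key-autostart", f"{key} : {name} -> {data}"))
    elif "[HJ]" in tags and WEAKENED.get(name) == data:
        out.append(Finding("medium", "security-setting", f"{name}={data}"))
    return out


def triage(report):
    """Return Finding tuples for a RogueKiller text report, most severe first."""
    findings = []
    ssdt = defaultdict(list)  # hooking module -> hooked syscalls
    irp = defaultdict(list)   # hooked driver -> (major function, handler owner)
    for raw in report.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt[m.group(3)].append(m.group(2))
        elif m := IRP_RE.match(line):
            irp[m.group(2)].append((m.group(1), m.group(3)))
        elif m := REG_RE.match(line):
            tags, key, name, data, _status = m.groups()
            findings.extend(_registry_findings(tags, key, name, data))
    for module, funcs in ssdt.items():
        # Hooks on registry syscalls can interfere with tools that open or delete keys.
        sev = "critical" if USER_WRITABLE.search(module) else "high"
        findings.append(Finding(sev, "ssdt-hook", f"{module} hooks {', '.join(funcs)}"))
    for driver, hooks in irp.items():
        owners = sorted({owner for _, owner in hooks})
        # A handler owned by no known module means the dispatch table points into
        # memory that is not backed by a driver on disk.
        sev = "critical" if "Unknown" in owners else "high"
        findings.append(Finding(sev, "irp-hook",
                                f"{driver}: {len(hooks)} dispatch routines point to {', '.join(owners)}"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(REPORT_EXCERPT):
        print(f"{f.severity:8} {f.kind:18} {f.detail}")
```

The kernel-level entries sort first because user-mode cleanup of the Run and Userinit values is unreliable while a driver is still filtering registry access.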


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see what I can do.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Download OTL to your Desktop
Secondary link
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
castravete

  • Topic Starter
  • Member
  • 10 posts
Cure was not available. Scan results:

18:55:30.0803 0996 mpio - ok
18:55:30.0843 0996 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:55:30.0913 0996 mpsdrv - ok
18:55:30.0943 0996 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:55:30.0983 0996 MRxDAV - ok
18:55:31.0003 0996 [ F4A054BE78AF7F410129C4B64B07DC9B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:31.0073 0996 mrxsmb - ok
18:55:31.0103 0996 [ DEFFA295BD1895C6ED8E3078412AC60B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:31.0163 0996 mrxsmb10 - ok
18:55:31.0203 0996 [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:31.0253 0996 mrxsmb20 - ok
18:55:31.0273 0996 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:55:31.0293 0996 msahci - ok
18:55:31.0323 0996 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:55:31.0343 0996 msdsm - ok
18:55:31.0383 0996 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:55:31.0433 0996 MSDTC - ok
18:55:31.0493 0996 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:55:31.0543 0996 Msfs - ok
18:55:31.0583 0996 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:55:31.0643 0996 mshidkmdf - ok
18:55:31.0673 0996 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:55:31.0693 0996 msisadrv - ok
18:55:31.0753 0996 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:55:31.0813 0996 MSiSCSI - ok
18:55:31.0823 0996 msiserver - ok
18:55:31.0873 0996 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:55:31.0933 0996 MSKSSRV - ok
18:55:31.0973 0996 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:32.0013 0996 MSPCLOCK - ok
18:55:32.0033 0996 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:55:32.0083 0996 MSPQM - ok
18:55:32.0113 0996 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:55:32.0143 0996 MsRPC - ok
18:55:32.0173 0996 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:55:32.0203 0996 mssmbios - ok
18:55:32.0233 0996 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:55:32.0283 0996 MSTEE - ok
18:55:32.0303 0996 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:55:32.0343 0996 MTConfig - ok
18:55:32.0363 0996 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:55:32.0383 0996 Mup - ok
18:55:32.0433 0996 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
18:55:32.0503 0996 napagent - ok
18:55:32.0553 0996 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:55:32.0603 0996 NativeWifiP - ok
18:55:32.0653 0996 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:55:32.0703 0996 NDIS - ok
18:55:32.0743 0996 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:55:32.0813 0996 NdisCap - ok
18:55:32.0843 0996 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:32.0933 0996 NdisTapi - ok
18:55:32.0973 0996 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:33.0023 0996 Ndisuio - ok
18:55:33.0053 0996 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:33.0103 0996 NdisWan - ok
18:55:33.0133 0996 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:55:33.0183 0996 NDProxy - ok
18:55:33.0213 0996 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:55:33.0263 0996 NetBIOS - ok
18:55:33.0293 0996 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:55:33.0343 0996 NetBT - ok
18:55:33.0383 0996 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
18:55:33.0413 0996 Netlogon - ok
18:55:33.0453 0996 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:55:33.0533 0996 Netman - ok
18:55:33.0653 0996 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:33.0693 0996 NetMsmqActivator - ok
18:55:33.0723 0996 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:33.0743 0996 NetPipeActivator - ok
18:55:33.0763 0996 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:55:33.0853 0996 netprofm - ok
18:55:33.0903 0996 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:33.0933 0996 NetTcpActivator - ok
18:55:33.0953 0996 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:55:33.0973 0996 NetTcpPortSharing - ok
18:55:34.0113 0996 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
18:55:34.0233 0996 netw5v32 - ok
18:55:34.0293 0996 [ 9446D03271BAF3496BBD2957D2732FD2 ] NetworkX C:\Windows\System32\ckldrv.sys
18:55:34.0303 0996 NetworkX - ok
18:55:34.0343 0996 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:55:34.0363 0996 nfrd960 - ok
18:55:34.0403 0996 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
18:55:34.0473 0996 NlaSvc - ok
18:55:34.0503 0996 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:55:34.0553 0996 Npfs - ok
18:55:34.0583 0996 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:55:34.0663 0996 nsi - ok
18:55:34.0693 0996 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:55:34.0763 0996 nsiproxy - ok
18:55:34.0853 0996 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:55:34.0963 0996 Ntfs - ok
18:55:34.0993 0996 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:55:35.0043 0996 Null - ok
18:55:35.0083 0996 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
18:55:35.0103 0996 nvraid - ok
18:55:35.0123 0996 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
18:55:35.0153 0996 nvstor - ok
18:55:35.0183 0996 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:55:35.0203 0996 nv_agp - ok
18:55:35.0343 0996 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:55:35.0363 0996 odserv - ok
18:55:35.0393 0996 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:55:35.0413 0996 ohci1394 - ok
18:55:35.0543 0996 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:55:35.0583 0996 ose - ok
18:55:35.0823 0996 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:55:35.0903 0996 p2pimsvc - ok
18:55:35.0963 0996 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:55:36.0023 0996 p2psvc - ok
18:55:36.0063 0996 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:55:36.0083 0996 Parport - ok
18:55:36.0103 0996 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:55:36.0123 0996 partmgr - ok
18:55:36.0153 0996 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:55:36.0183 0996 Parvdm - ok
18:55:36.0213 0996 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:55:36.0263 0996 PcaSvc - ok
18:55:36.0313 0996 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:55:36.0363 0996 pccsmcfd - ok
18:55:36.0393 0996 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
18:55:36.0413 0996 pci - ok
18:55:36.0443 0996 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:55:36.0463 0996 pciide - ok
18:55:36.0513 0996 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:55:36.0533 0996 pcmcia - ok
18:55:36.0593 0996 [ 807FF1DD6E1BDF8E7D2062FCA0DAECAF ] PCTCore C:\Windows\system32\drivers\PCTCore.sys
18:55:36.0613 0996 PCTCore - ok
18:55:36.0643 0996 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:55:36.0663 0996 pcw - ok
18:55:36.0703 0996 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:55:36.0773 0996 PEAUTH - ok
18:55:36.0843 0996 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:55:36.0963 0996 PeerDistSvc - ok
18:55:37.0093 0996 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
18:55:37.0203 0996 pla - ok
18:55:37.0253 0996 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:55:37.0343 0996 PlugPlay - ok
18:55:37.0373 0996 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:55:37.0403 0996 PNRPAutoReg - ok
18:55:37.0433 0996 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:55:37.0473 0996 PNRPsvc - ok
18:55:37.0523 0996 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:55:37.0603 0996 PolicyAgent - ok
18:55:37.0653 0996 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
18:55:37.0713 0996 Power - ok
18:55:37.0743 0996 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:55:37.0793 0996 PptpMiniport - ok
18:55:37.0823 0996 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:55:37.0873 0996 Processor - ok
18:55:37.0953 0996 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
18:55:38.0033 0996 ProfSvc - ok
18:55:38.0173 0996 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:55:38.0203 0996 ProtectedStorage - ok
18:55:38.0233 0996 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:55:38.0283 0996 Psched - ok
18:55:38.0343 0996 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:55:38.0393 0996 ql2300 - ok
18:55:38.0413 0996 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:55:38.0443 0996 ql40xx - ok
18:55:38.0473 0996 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:55:38.0543 0996 QWAVE - ok
18:55:38.0573 0996 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:55:38.0603 0996 QWAVEdrv - ok
18:55:38.0673 0996 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:55:38.0693 0996 RapiMgr - ok
18:55:38.0723 0996 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:55:38.0793 0996 RasAcd - ok
18:55:38.0833 0996 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:55:38.0903 0996 RasAgileVpn - ok
18:55:38.0963 0996 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:55:39.0033 0996 RasAuto - ok
18:55:39.0083 0996 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:55:39.0153 0996 Rasl2tp - ok
18:55:39.0193 0996 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
18:55:39.0273 0996 RasMan - ok
18:55:39.0293 0996 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:55:39.0353 0996 RasPppoe - ok
18:55:39.0383 0996 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:55:39.0433 0996 RasSstp - ok
18:55:39.0463 0996 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:55:39.0523 0996 rdbss - ok
18:55:39.0553 0996 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:55:39.0583 0996 rdpbus - ok
18:55:39.0613 0996 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:55:39.0663 0996 RDPCDD - ok
18:55:39.0703 0996 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:55:39.0763 0996 RDPDR - ok
18:55:39.0793 0996 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:55:39.0843 0996 RDPENCDD - ok
18:55:39.0873 0996 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:55:39.0933 0996 RDPREFMP - ok
18:55:39.0993 0996 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:55:40.0053 0996 RDPWD - ok
18:55:40.0083 0996 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:55:40.0133 0996 rdyboost - ok
18:55:40.0173 0996 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:55:40.0233 0996 RemoteAccess - ok
18:55:40.0283 0996 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:55:40.0373 0996 RemoteRegistry - ok
18:55:40.0463 0996 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:55:40.0553 0996 RFCOMM - ok
18:55:40.0643 0996 [ B4090006A82EEB608C358AB5D37DE85A ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
18:55:40.0693 0996 RMCAST - ok
18:55:40.0733 0996 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:55:40.0793 0996 RpcEptMapper - ok
18:55:40.0833 0996 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:55:40.0863 0996 RpcLocator - ok
18:55:40.0903 0996 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
18:55:40.0963 0996 RpcSs - ok
18:55:41.0033 0996 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:55:41.0093 0996 rspndr - ok
18:55:41.0153 0996 [ 434DCF7AE4300C876AA40873E3113983 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:55:41.0193 0996 RSUSBSTOR - ok
18:55:41.0223 0996 RtsUIR - ok
18:55:41.0283 0996 [ 815445F4676CC96BC9AEEC303C727E19 ] s116bus C:\Windows\system32\DRIVERS\s116bus.sys
18:55:41.0303 0996 s116bus - ok
18:55:41.0333 0996 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
18:55:41.0373 0996 s3cap - ok
18:55:41.0393 0996 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
18:55:41.0423 0996 SamSs - ok
18:55:41.0453 0996 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:55:41.0473 0996 sbp2port - ok
18:55:41.0513 0996 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:55:41.0593 0996 SCardSvr - ok
18:55:41.0613 0996 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:55:41.0673 0996 scfilter - ok
18:55:41.0723 0996 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll
18:55:41.0873 0996 Schedule - ok
18:55:41.0923 0996 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:55:42.0033 0996 SCPolicySvc - ok
18:55:42.0313 0996 [ A1089AC7683826E6C7C9FAB9723DD80F ] sdAuxService C:\Program Files\Spyware Doctor\pctsAuxs.exe
18:55:42.0343 0996 sdAuxService - ok
18:55:42.0413 0996 [ 06F95756353653C7D505361117186713 ] sdCoreService C:\Program Files\Spyware Doctor\pctsSvc.exe
18:55:42.0453 0996 sdCoreService - ok
18:55:42.0493 0996 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:55:42.0543 0996 SDRSVC - ok
18:55:42.0593 0996 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:55:42.0653 0996 secdrv - ok
18:55:42.0683 0996 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:55:42.0743 0996 seclogon - ok
18:55:42.0773 0996 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:55:42.0843 0996 SENS - ok
18:55:42.0863 0996 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:55:42.0923 0996 SensrSvc - ok
18:55:42.0953 0996 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:55:42.0983 0996 Serenum - ok
18:55:43.0013 0996 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:55:43.0053 0996 Serial - ok
18:55:43.0083 0996 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:55:43.0163 0996 sermouse - ok
18:55:43.0293 0996 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:55:43.0333 0996 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
18:55:43.0333 0996 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
18:55:43.0423 0996 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
18:55:43.0493 0996 SessionEnv - ok
18:55:43.0573 0996 [ 4354D1EEA9B4B6E29D53151ACDE7980F ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys
18:55:43.0603 0996 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:55:43.0603 0996 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:55:43.0643 0996 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:55:43.0683 0996 sffdisk - ok
18:55:43.0713 0996 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:55:43.0763 0996 sffp_mmc - ok
18:55:43.0793 0996 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:55:43.0833 0996 sffp_sd - ok
18:55:43.0893 0996 [ 3AD2B15CCC03FEBFBAF5FF057822AA75 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys
18:55:43.0903 0996 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:55:43.0903 0996 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:55:43.0943 0996 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:55:43.0973 0996 sfloppy - ok
18:55:44.0063 0996 [ D14D5C9C11998DA690FA75460F4F1CF3 ] sfsync02 C:\Windows\system32\drivers\sfsync02.sys
18:55:44.0073 0996 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
18:55:44.0073 0996 sfsync02 - detected UnsignedFile.Multi.Generic (1)
18:55:44.0173 0996 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:55:44.0243 0996 ShellHWDetection - ok
18:55:44.0283 0996 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
18:55:44.0303 0996 sisagp - ok
18:55:44.0333 0996 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:55:44.0353 0996 SiSRaid2 - ok
18:55:44.0393 0996 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:55:44.0413 0996 SiSRaid4 - ok
18:55:44.0493 0996 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:55:44.0513 0996 SkypeUpdate - ok
18:55:44.0553 0996 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:55:44.0603 0996 Smb - ok
18:55:44.0683 0996 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:55:44.0713 0996 SNMPTRAP - ok
18:55:44.0753 0996 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:55:44.0783 0996 spldr - ok
18:55:44.0813 0996 [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler C:\Windows\System32\spoolsv.exe
18:55:44.0863 0996 Spooler - ok
18:55:44.0973 0996 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
18:55:45.0133 0996 sppsvc - ok
18:55:45.0253 0996 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:55:45.0323 0996 sppuinotify - ok
18:55:45.0413 0996 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:55:45.0413 0996 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:55:45.0443 0996 sptd ( LockedFile.Multi.Generic ) - warning
18:55:45.0443 0996 sptd - detected LockedFile.Multi.Generic (1)
18:55:45.0483 0996 [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:55:45.0543 0996 srv - ok
18:55:45.0573 0996 [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:55:45.0633 0996 srv2 - ok
18:55:45.0683 0996 [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:55:45.0733 0996 srvnet - ok
18:55:45.0803 0996 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
18:55:45.0853 0996 sscdbus - ok
18:55:45.0883 0996 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:55:45.0923 0996 sscdmdfl - ok
18:55:45.0983 0996 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
18:55:46.0003 0996 sscdmdm - ok
18:55:46.0073 0996 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:55:46.0143 0996 SSDPSRV - ok
18:55:46.0213 0996 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
18:55:46.0233 0996 SSPORT ( UnsignedFile.Multi.Generic ) - warning
18:55:46.0233 0996 SSPORT - detected UnsignedFile.Multi.Generic (1)
18:55:46.0283 0996 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:55:46.0343 0996 SstpSvc - ok
18:55:46.0413 0996 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
18:55:46.0433 0996 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:55:46.0433 0996 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:55:46.0493 0996 Steam Client Service - ok
18:55:46.0533 0996 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:55:46.0553 0996 stexstor - ok
18:55:46.0613 0996 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
18:55:46.0713 0996 StiSvc - ok
18:55:46.0733 0996 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
18:55:46.0753 0996 storflt - ok
18:55:46.0803 0996 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
18:55:46.0833 0996 storvsc - ok
18:55:46.0873 0996 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:55:46.0893 0996 swenum - ok
18:55:47.0033 0996 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:55:47.0053 0996 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:55:47.0053 0996 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:55:47.0103 0996 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:55:47.0173 0996 swprv - ok
18:55:47.0253 0996 [ 47183E3520C88FADD5B0C87D57040DA5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:55:47.0283 0996 SynTP - ok
18:55:47.0363 0996 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
18:55:47.0453 0996 SysMain - ok
18:55:47.0573 0996 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:55:47.0603 0996 TabletInputService - ok
18:55:47.0633 0996 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
18:55:47.0833 0996 TapiSrv - ok
18:55:47.0953 0996 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:55:48.0003 0996 TBS - ok
18:55:48.0063 0996 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:55:48.0163 0996 Tcpip - ok
18:55:48.0243 0996 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:55:48.0523 0996 TCPIP6 - ok
18:55:48.0653 0996 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:55:48.0723 0996 tcpipreg - ok
18:55:48.0773 0996 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:55:48.0833 0996 TDPIPE - ok
18:55:48.0863 0996 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:55:49.0383 0996 TDTCP - ok
18:55:49.0443 0996 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:55:49.0613 0996 tdx - ok
18:55:49.0743 0996 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:55:49.0763 0996 TermDD - ok
18:55:49.0803 0996 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
18:55:49.0903 0996 TermService - ok
18:55:49.0953 0996 [ A66277FB1FACE9EDF23829F791803F4F ] Themes C:\Windows\system32\themeservice.dll
18:55:49.0993 0996 Themes ( UnsignedFile.Multi.Generic ) - warning
18:55:49.0993 0996 Themes - detected UnsignedFile.Multi.Generic (1)
18:55:50.0033 0996 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:55:50.0093 0996 THREADORDER - ok
18:55:50.0123 0996 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:55:50.0213 0996 TrkWks - ok
18:55:50.0283 0996 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:55:50.0323 0996 TrustedInstaller - ok
18:55:50.0633 0996 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:55:50.0913 0996 tssecsrv - ok
18:55:51.0073 0996 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:55:51.0253 0996 tunnel - ok
18:55:51.0533 0996 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:55:51.0623 0996 uagp35 - ok
18:55:51.0873 0996 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:55:51.0943 0996 udfs - ok
18:55:52.0193 0996 [ 528610A96539CD6AD6B68B199E2F3C73 ] UI Assistant Service C:\Program Files\ZTE Join Air\AssistantServices.exe
18:55:52.0253 0996 UI Assistant Service - ok
18:55:52.0293 0996 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:55:52.0333 0996 UI0Detect - ok
18:55:52.0383 0996 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:55:52.0413 0996 uliagpkx - ok
18:55:52.0443 0996 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:55:52.0583 0996 umbus - ok
18:55:52.0613 0996 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:55:52.0693 0996 UmPass - ok
18:55:52.0733 0996 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
18:55:52.0793 0996 UmRdpService - ok
18:55:52.0823 0996 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:55:52.0943 0996 upnphost - ok
18:55:52.0973 0996 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:55:53.0003 0996 usbccgp - ok
18:55:53.0023 0996 USBCCID - ok
18:55:53.0053 0996 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:55:53.0103 0996 usbcir - ok
18:55:53.0133 0996 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:55:53.0183 0996 usbehci - ok
18:55:53.0213 0996 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:55:53.0253 0996 usbhub - ok
18:55:53.0293 0996 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:55:53.0313 0996 usbohci - ok
18:55:53.0343 0996 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:55:53.0373 0996 usbprint - ok
18:55:53.0403 0996 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:55:53.0433 0996 USBSTOR - ok
18:56:10.0993 0996 ================ Scan global ===============================
18:56:11.0033 0996 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
18:56:11.0113 0996 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
18:56:11.0143 0996 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
18:56:11.0233 0996 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:56:11.0253 0996 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:56:11.0293 0996 [Global] - ok
18:56:11.0323 0996 ================ Scan MBR ==================================
18:56:11.0643 0996 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:56:12.0433 0996 \Device\Harddisk0\DR0 - ok
18:56:12.0443 0996 ================ Scan VBR ==================================
18:56:12.0443 0996 [ CB8B8A07C7F433399AAF5B723199D67D ] \Device\Harddisk0\DR0\Partition1
18:56:12.0443 0996 \Device\Harddisk0\DR0\Partition1 - ok
18:56:12.0453 0996 [ 243B7DC887FC976F6367E29FA81F6F47 ] \Device\Harddisk0\DR0\Partition2
18:56:12.0453 0996 \Device\Harddisk0\DR0\Partition2 - ok
18:56:12.0463 0996 ============================================================
18:56:12.0463 0996 Scan finished
18:56:12.0463 0996 ============================================================
18:56:12.0483 3932 Detected object count: 14
18:56:12.0483 3932 Actual detected object count: 14
18:56:32.0183 3932 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0183 3932 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0183 3932 CrypKey License ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0183 3932 CrypKey License ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0193 3932 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0193 3932 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0193 3932 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0193 3932 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0193 3932 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0193 3932 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0203 3932 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0203 3932 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0203 3932 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0203 3932 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0213 3932 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0213 3932 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0213 3932 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0213 3932 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0213 3932 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:56:32.0213 3932 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:56:32.0223 3932 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0223 3932 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0223 3932 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0223 3932 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0223 3932 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0233 3932 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:56:32.0233 3932 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
18:56:32.0233 3932 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:00.0233 5956 ============================================================
18:57:00.0233 5956 Scan started
18:57:00.0233 5956 Mode: Manual; SigCheck; TDLFS;
18:57:00.0233 5956 ============================================================
18:57:00.0773 5956 ================ Scan system memory ========================
18:57:00.0773 5956 System memory - ok
18:57:00.0773 5956 ================ Scan services =============================
18:57:03.0093 5956 [ 277E8A2F70366EB959344BB89AC687CB ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
18:57:03.0113 5956 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:57:03.0113 5956 Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:57:05.0723 5956 [ 2177A0F611584BCA1DFDD7EEB35C0224 ] CrypKey License C:\Windows\system32\crypserv.exe
18:57:05.0883 5956 CrypKey License ( UnsignedFile.Multi.Generic ) - warning
18:57:05.0883 5956 CrypKey License - detected UnsignedFile.Multi.Generic (1)
18:57:11.0363 5956 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:57:11.0373 5956 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:57:11.0373 5956 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:57:14.0713 5956 [ 04D3A71875699098AF856EE5F9F72AC3 ] Macromedia Licensing Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
18:57:14.0723 5956 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:57:14.0723 5956 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:57:14.0773 5956 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys
18:57:14.0813 5956 massfilter - ok
18:57:14.0933 5956 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
18:57:14.0943 5956 mcdbus ( UnsignedFile.Multi.Generic ) - warning
18:57:14.0943 5956 mcdbus - detected UnsignedFile.Multi.Generic (1)
18:57:14.0993 5956 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:57:15.0043 5956 Mcx2Svc - ok
18:57:15.0093 5956 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:57:15.0113 5956 megasas - ok
18:57:15.0143 5956 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:57:15.0173 5956 MegaSR - ok
18:57:15.0373 5956 Micorsoft Windows Service - ok
18:57:15.0493 5956 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:57:15.0553 5956 MMCSS - ok
18:57:15.0603 5956 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:57:15.0653 5956 Modem - ok
18:57:15.0673 5956 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:57:15.0733 5956 monitor - ok
18:57:15.0753 5956 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:57:15.0783 5956 mouclass - ok
18:57:15.0813 5956 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:57:15.0833 5956 mouhid - ok
18:57:15.0853 5956 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:57:15.0873 5956 mountmgr - ok
18:57:15.0983 5956 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:57:15.0993 5956 MozillaMaintenance - ok
18:57:16.0023 5956 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:57:16.0053 5956 mpio - ok
18:57:16.0073 5956 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:57:16.0123 5956 mpsdrv - ok
18:57:16.0163 5956 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:57:16.0193 5956 MRxDAV - ok
18:57:16.0213 5956 [ F4A054BE78AF7F410129C4B64B07DC9B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:57:16.0273 5956 mrxsmb - ok
18:57:16.0303 5956 [ DEFFA295BD1895C6ED8E3078412AC60B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:57:16.0363 5956 mrxsmb10 - ok
18:57:16.0393 5956 [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:57:16.0443 5956 mrxsmb20 - ok
18:57:16.0463 5956 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:57:16.0483 5956 msahci - ok
18:57:16.0503 5956 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:57:16.0533 5956 msdsm - ok
18:57:16.0573 5956 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:57:16.0603 5956 MSDTC - ok
18:57:16.0653 5956 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:57:16.0703 5956 Msfs - ok
18:57:16.0753 5956 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:57:16.0813 5956 mshidkmdf - ok
18:57:16.0843 5956 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:57:16.0863 5956 msisadrv - ok
18:57:16.0913 5956 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:57:16.0973 5956 MSiSCSI - ok
18:57:16.0983 5956 msiserver - ok
18:57:17.0043 5956 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:57:17.0093 5956 MSKSSRV - ok
18:57:17.0113 5956 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:57:17.0163 5956 MSPCLOCK - ok
18:57:17.0193 5956 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:57:17.0243 5956 MSPQM - ok
18:57:17.0273 5956 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:57:17.0313 5956 MsRPC - ok
18:57:17.0353 5956 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:57:17.0373 5956 mssmbios - ok
18:57:17.0403 5956 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:57:17.0453 5956 MSTEE - ok
18:57:17.0473 5956 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:57:17.0503 5956 MTConfig - ok
18:57:17.0523 5956 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:57:17.0543 5956 Mup - ok
18:57:17.0593 5956 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
18:57:17.0643 5956 napagent - ok
18:57:17.0673 5956 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:57:17.0713 5956 NativeWifiP - ok
18:57:17.0773 5956 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:57:17.0813 5956 NDIS - ok
18:57:17.0843 5956 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:57:17.0893 5956 NdisCap - ok
18:57:17.0923 5956 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:57:17.0973 5956 NdisTapi - ok
18:57:17.0993 5956 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:57:18.0073 5956 Ndisuio - ok
18:57:18.0133 5956 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:57:18.0183 5956 NdisWan - ok
18:57:18.0203 5956 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:57:18.0253 5956 NDProxy - ok
18:57:18.0283 5956 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:57:18.0333 5956 NetBIOS - ok
18:57:18.0363 5956 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:57:18.0413 5956 NetBT - ok
18:57:18.0443 5956 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
18:57:18.0473 5956 Netlogon - ok
18:57:18.0513 5956 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:57:18.0573 5956 Netman - ok
18:57:18.0673 5956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:57:18.0693 5956 NetMsmqActivator - ok
18:57:18.0723 5956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:57:18.0743 5956 NetPipeActivator - ok
18:57:18.0793 5956 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:57:18.0853 5956 netprofm - ok
18:57:18.0873 5956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:57:18.0893 5956 NetTcpActivator - ok
18:57:18.0903 5956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:57:18.0923 5956 NetTcpPortSharing - ok
18:57:19.0083 5956 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
18:57:19.0193 5956 netw5v32 - ok
18:57:19.0223 5956 [ 9446D03271BAF3496BBD2957D2732FD2 ] NetworkX C:\Windows\System32\ckldrv.sys
18:57:19.0243 5956 NetworkX - ok
18:57:19.0283 5956 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:57:19.0303 5956 nfrd960 - ok
18:57:19.0333 5956 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
18:57:19.0393 5956 NlaSvc - ok
18:57:19.0413 5956 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:57:19.0463 5956 Npfs - ok
18:57:19.0493 5956 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:57:19.0553 5956 nsi - ok
18:57:19.0583 5956 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:57:19.0623 5956 nsiproxy - ok
18:57:19.0693 5956 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:57:19.0733 5956 Ntfs - ok
18:57:19.0763 5956 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:57:19.0843 5956 Null - ok
18:57:19.0873 5956 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
18:57:20.0003 5956 nvraid - ok
18:57:20.0033 5956 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
18:57:20.0053 5956 nvstor - ok
18:57:20.0103 5956 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:57:20.0123 5956 nv_agp - ok
18:57:20.0223 5956 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:57:20.0243 5956 odserv - ok
18:57:20.0273 5956 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:57:20.0303 5956 ohci1394 - ok
18:57:20.0353 5956 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:57:20.0363 5956 ose - ok
18:57:20.0423 5956 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:57:20.0463 5956 p2pimsvc - ok
18:57:20.0503 5956 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:57:20.0543 5956 p2psvc - ok
18:57:20.0573 5956 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:57:20.0603 5956 Parport - ok
18:57:20.0633 5956 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:57:20.0653 5956 partmgr - ok
18:57:20.0683 5956 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:57:20.0713 5956 Parvdm - ok
18:57:20.0743 5956 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:57:20.0793 5956 PcaSvc - ok
18:57:20.0843 5956 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:57:20.0893 5956 pccsmcfd - ok
18:57:20.0933 5956 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
18:57:20.0953 5956 pci - ok
18:57:20.0983 5956 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:57:21.0003 5956 pciide - ok
18:57:21.0053 5956 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:57:21.0083 5956 pcmcia - ok
18:57:21.0163 5956 [ 807FF1DD6E1BDF8E7D2062FCA0DAECAF ] PCTCore C:\Windows\system32\drivers\PCTCore.sys
18:57:21.0183 5956 PCTCore - ok
18:57:21.0213 5956 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:57:21.0243 5956 pcw - ok
18:57:21.0293 5956 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:57:21.0353 5956 PEAUTH - ok
18:57:21.0413 5956 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:57:21.0453 5956 PeerDistSvc - ok
18:57:21.0583 5956 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
18:57:21.0683 5956 pla - ok
18:57:21.0873 5956 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:57:22.0003 5956 PlugPlay - ok
18:57:22.0033 5956 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:57:22.0073 5956 PNRPAutoReg - ok
18:57:22.0103 5956 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:57:22.0133 5956 PNRPsvc - ok
18:57:22.0183 5956 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:57:22.0243 5956 PolicyAgent - ok
18:57:22.0293 5956 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
18:57:22.0363 5956 Power - ok
18:57:22.0413 5956 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:57:22.0473 5956 PptpMiniport - ok
18:57:22.0503 5956 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:57:22.0543 5956 Processor - ok
18:57:22.0583 5956 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
18:57:22.0643 5956 ProfSvc - ok
18:57:22.0663 5956 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:57:22.0693 5956 ProtectedStorage - ok
18:57:22.0743 5956 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:57:22.0793 5956 Psched - ok
18:57:22.0853 5956 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:57:22.0923 5956 ql2300 - ok
18:57:22.0953 5956 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:57:22.0983 5956 ql40xx - ok
18:57:23.0023 5956 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:57:23.0053 5956 QWAVE - ok
18:57:23.0093 5956 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:57:23.0123 5956 QWAVEdrv - ok
18:57:23.0213 5956 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:57:23.0233 5956 RapiMgr - ok
18:57:23.0273 5956 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:57:23.0333 5956 RasAcd - ok
18:57:23.0393 5956 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:57:23.0443 5956 RasAgileVpn - ok
18:57:23.0473 5956 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:57:23.0523 5956 RasAuto - ok
18:57:23.0553 5956 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:57:23.0603 5956 Rasl2tp - ok
18:57:23.0643 5956 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
18:57:23.0703 5956 RasMan - ok
18:57:23.0723 5956 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:57:23.0773 5956 RasPppoe - ok
18:57:23.0803 5956 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:57:23.0853 5956 RasSstp - ok
18:57:23.0883 5956 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:57:23.0933 5956 rdbss - ok
18:57:23.0953 5956 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:57:24.0013 5956 rdpbus - ok
18:57:24.0043 5956 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:57:24.0093 5956 RDPCDD - ok
18:57:24.0133 5956 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:57:24.0163 5956 RDPDR - ok
18:57:24.0193 5956 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:57:24.0253 5956 RDPENCDD - ok
18:57:24.0293 5956 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:57:24.0343 5956 RDPREFMP - ok
18:57:24.0373 5956 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:57:24.0433 5956 RDPWD - ok
18:57:24.0463 5956 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:57:24.0483 5956 rdyboost - ok
18:57:24.0523 5956 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:57:24.0583 5956 RemoteAccess - ok
18:57:24.0613 5956 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:57:24.0673 5956 RemoteRegistry - ok
18:57:24.0713 5956 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:57:24.0743 5956 RFCOMM - ok
18:57:24.0773 5956 [ B4090006A82EEB608C358AB5D37DE85A ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
18:57:24.0823 5956 RMCAST - ok
18:57:24.0853 5956 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:57:24.0913 5956 RpcEptMapper - ok
18:57:24.0953 5956 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:57:24.0983 5956 RpcLocator - ok
18:57:25.0023 5956 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
18:57:25.0093 5956 RpcSs - ok
18:57:25.0123 5956 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:57:25.0173 5956 rspndr - ok
18:57:25.0223 5956 [ 434DCF7AE4300C876AA40873E3113983 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:57:25.0263 5956 RSUSBSTOR - ok
18:57:25.0283 5956 RtsUIR - ok
18:57:25.0313 5956 [ 815445F4676CC96BC9AEEC303C727E19 ] s116bus C:\Windows\system32\DRIVERS\s116bus.sys
18:57:25.0333 5956 s116bus - ok
18:57:25.0373 5956 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
18:57:25.0403 5956 s3cap - ok
18:57:25.0423 5956 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
18:57:25.0453 5956 SamSs - ok
18:57:25.0483 5956 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:57:25.0503 5956 sbp2port - ok
18:57:25.0543 5956 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:57:25.0593 5956 SCardSvr - ok
18:57:25.0623 5956 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:57:25.0673 5956 scfilter - ok
18:57:25.0723 5956 [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule C:\Windows\system32\schedsvc.dll
18:57:25.0793 5956 Schedule - ok
18:57:25.0833 5956 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:57:25.0883 5956 SCPolicySvc - ok
18:57:25.0953 5956 [ A1089AC7683826E6C7C9FAB9723DD80F ] sdAuxService C:\Program Files\Spyware Doctor\pctsAuxs.exe
18:57:25.0973 5956 sdAuxService - ok
18:57:26.0043 5956 [ 06F95756353653C7D505361117186713 ] sdCoreService C:\Program Files\Spyware Doctor\pctsSvc.exe
18:57:26.0103 5956 sdCoreService - ok
18:57:26.0133 5956 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:57:26.0173 5956 SDRSVC - ok
18:57:26.0213 5956 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:57:26.0273 5956 secdrv - ok
18:57:26.0303 5956 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:57:26.0363 5956 seclogon - ok
18:57:26.0383 5956 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:57:26.0453 5956 SENS - ok
18:57:26.0473 5956 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:57:26.0503 5956 SensrSvc - ok
18:57:26.0543 5956 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:57:26.0563 5956 Serenum - ok
18:57:26.0603 5956 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:57:26.0623 5956 Serial - ok
18:57:26.0653 5956 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:57:26.0683 5956 sermouse - ok
18:57:26.0763 5956 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:57:26.0793 5956 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
18:57:26.0793 5956 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
18:57:26.0853 5956 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
18:57:26.0913 5956 SessionEnv - ok
18:57:26.0953 5956 [ 4354D1EEA9B4B6E29D53151ACDE7980F ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys
18:57:26.0963 5956 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:57:26.0963 5956 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:57:26.0993 5956 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:57:27.0023 5956 sffdisk - ok
18:57:27.0053 5956 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:57:27.0083 5956 sffp_mmc - ok
18:57:27.0113 5956 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:57:27.0153 5956 sffp_sd - ok
18:57:27.0183 5956 [ 3AD2B15CCC03FEBFBAF5FF057822AA75 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys
18:57:27.0193 5956 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:57:27.0193 5956 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:57:27.0233 5956 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:57:27.0263 5956 sfloppy - ok
18:57:27.0293 5956 [ D14D5C9C11998DA690FA75460F4F1CF3 ] sfsync02 C:\Windows\system32\drivers\sfsync02.sys
18:57:27.0303 5956 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
18:57:27.0303 5956 sfsync02 - detected UnsignedFile.Multi.Generic (1)
18:57:27.0363 5956 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:57:27.0413 5956 ShellHWDetection - ok
18:57:27.0433 5956 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
18:57:27.0453 5956 sisagp - ok
18:57:27.0493 5956 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:57:27.0523 5956 SiSRaid2 - ok
18:57:27.0543 5956 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:57:27.0563 5956 SiSRaid4 - ok
18:57:27.0623 5956 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:57:27.0643 5956 SkypeUpdate - ok
18:57:27.0673 5956 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:57:27.0733 5956 Smb - ok
18:57:27.0783 5956 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:57:27.0823 5956 SNMPTRAP - ok
18:57:27.0843 5956 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:57:27.0873 5956 spldr - ok
18:57:27.0903 5956 [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler C:\Windows\System32\spoolsv.exe
18:57:27.0943 5956 Spooler - ok
18:57:28.0043 5956 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
18:57:28.0133 5956 sppsvc - ok
18:57:28.0163 5956 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:57:28.0243 5956 sppuinotify - ok
18:57:28.0303 5956 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:57:28.0303 5956 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:57:28.0313 5956 sptd ( LockedFile.Multi.Generic ) - warning
18:57:28.0313 5956 sptd - detected LockedFile.Multi.Generic (1)
18:57:28.0343 5956 [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:57:28.0393 5956 srv - ok
18:57:28.0433 5956 [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:57:28.0493 5956 srv2 - ok
18:57:28.0523 5956 [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:57:28.0563 5956 srvnet - ok
18:57:28.0603 5956 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
18:57:28.0633 5956 sscdbus - ok
18:57:28.0673 5956 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:57:28.0693 5956 sscdmdfl - ok
18:57:28.0743 5956 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
18:57:28.0763 5956 sscdmdm - ok
18:57:28.0813 5956 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:57:28.0863 5956 SSDPSRV - ok
18:57:28.0903 5956 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
18:57:28.0913 5956 SSPORT ( UnsignedFile.Multi.Generic ) - warning
18:57:28.0913 5956 SSPORT - detected UnsignedFile.Multi.Generic (1)
18:57:28.0953 5956 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:57:29.0013 5956 SstpSvc - ok
18:57:29.0063 5956 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
18:57:29.0073 5956 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:57:29.0073 5956 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:57:29.0103 5956 Steam Client Service - ok
18:57:29.0133 5956 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:57:29.0153 5956 stexstor - ok
18:57:29.0203 5956 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
18:57:29.0273 5956 StiSvc - ok
18:57:29.0303 5956 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
18:57:29.0323 5956 storflt - ok
18:57:29.0363 5956 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
18:57:29.0383 5956 storvsc - ok
18:57:29.0413 5956 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:57:29.0433 5956 swenum - ok
18:57:29.0533 5956 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:57:29.0553 5956 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:57:29.0553 5956 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:57:29.0603 5956 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:57:29.0663 5956 swprv - ok
18:57:29.0713 5956 [ 47183E3520C88FADD5B0C87D57040DA5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:57:29.0733 5956 SynTP - ok
18:57:29.0783 5956 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
18:57:29.0843 5956 SysMain - ok
18:57:29.0873 5956 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:57:29.0913 5956 TabletInputService - ok
18:57:29.0933 5956 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
18:57:30.0003 5956 TapiSrv - ok
18:57:30.0033 5956 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:57:30.0083 5956 TBS - ok
18:57:30.0143 5956 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:57:30.0193 5956 Tcpip - ok
18:57:30.0243 5956 [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:57:30.0313 5956 TCPIP6 - ok
18:57:30.0363 5956 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:57:30.0413 5956 tcpipreg - ok
18:57:30.0453 5956 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:57:30.0503 5956 TDPIPE - ok
18:57:30.0523 5956 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:57:30.0603 5956 TDTCP - ok
18:57:30.0633 5956 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:57:30.0683 5956 tdx - ok
18:57:30.0703 5956 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:57:30.0723 5956 TermDD - ok
18:57:30.0773 5956 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
18:57:30.0843 5956 TermService - ok
18:57:30.0863 5956 [ A66277FB1FACE9EDF23829F791803F4F ] Themes C:\Windows\system32\themeservice.dll
18:57:30.0893 5956 Themes ( UnsignedFile.Multi.Generic ) - warning
18:57:30.0893 5956 Themes - detected UnsignedFile.Multi.Generic (1)
18:57:30.0913 5956 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:57:30.0973 5956 THREADORDER - ok
18:57:31.0003 5956 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:57:31.0063 5956 TrkWks - ok
18:57:31.0133 5956 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:57:31.0153 5956 TrustedInstaller - ok
18:57:31.0203 5956 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:57:31.0253 5956 tssecsrv - ok
18:57:31.0313 5956 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:57:31.0363 5956 tunnel - ok
18:57:31.0393 5956 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:57:31.0413 5956 uagp35 - ok
18:57:31.0453 5956 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:57:31.0503 5956 udfs - ok
18:57:31.0593 5956 [ 528610A96539CD6AD6B68B199E2F3C73 ] UI Assistant Service C:\Program Files\ZTE Join Air\AssistantServices.exe
18:57:31.0613 5956 UI Assistant Service - ok
18:57:31.0653 5956 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:57:31.0683 5956 UI0Detect - ok
18:57:31.0713 5956 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:57:31.0733 5956 uliagpkx - ok
18:57:31.0793 5956 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:57:31.0823 5956 umbus - ok
18:57:31.0843 5956 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:57:31.0873 5956 UmPass - ok
18:57:31.0903 5956 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
18:57:31.0943 5956 UmRdpService - ok
18:57:31.0973 5956 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:57:32.0033 5956 upnphost - ok
18:57:32.0063 5956 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:57:32.0093 5956 usbccgp - ok
18:57:32.0113 5956 USBCCID - ok
18:57:32.0143 5956 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:57:32.0173 5956 usbcir - ok
18:57:32.0213 5956 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:57:32.0243 5956 usbehci - ok
18:57:32.0283 5956 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:57:32.0303 5956 usbhub - ok
18:57:37.0443 5956 ================ Scan global ===============================
18:57:37.0473 5956 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
18:57:37.0503 5956 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
18:57:37.0533 5956 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
18:57:37.0583 5956 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:57:37.0603 5956 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:57:37.0613 5956 [Global] - ok
18:57:37.0613 5956 ================ Scan MBR ==================================
18:57:37.0633 5956 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:57:38.0303 5956 \Device\Harddisk0\DR0 - ok
18:57:38.0303 5956 ================ Scan VBR ==================================
18:57:38.0313 5956 [ CB8B8A07C7F433399AAF5B723199D67D ] \Device\Harddisk0\DR0\Partition1
18:57:38.0323 5956 \Device\Harddisk0\DR0\Partition1 - ok
18:57:38.0323 5956 [ 243B7DC887FC976F6367E29FA81F6F47 ] \Device\Harddisk0\DR0\Partition2
18:57:38.0333 5956 \Device\Harddisk0\DR0\Partition2 - ok
18:57:38.0333 5956 ============================================================
18:57:38.0333 5956 Scan finished
18:57:38.0333 5956 ============================================================
18:57:38.0353 0632 Detected object count: 14
18:57:38.0353 0632 Actual detected object count: 14
18:57:45.0283 0632 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0283 0632 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0283 0632 CrypKey License ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0283 0632 CrypKey License ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0293 0632 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0293 0632 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0293 0632 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0293 0632 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0293 0632 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0293 0632 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0293 0632 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0293 0632 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0303 0632 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0303 0632 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0303 0632 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0303 0632 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0303 0632 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0303 0632 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0303 0632 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:57:45.0303 0632 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:57:45.0313 0632 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0313 0632 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0313 0632 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0313 0632 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0313 0632 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0313 0632 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:57:45.0323 0632 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:45.0323 0632 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the OTL log, please?

#5
castravete

    Member

  • Topic Starter
  • 10 posts
I will post the OTL report as soon as it is finished. It has been running for 3 hours. Incredible. (mobile)

#6
castravete

    Member

  • Topic Starter
  • 10 posts
It is done, the reports are attached below.

OTL logfile created on: 24.01.2013 19:02:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 66,39% Memory free
5,86 Gb Paging File | 4,73 Gb Available in Paging File | 80,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,23 Gb Total Space | 7,71 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
Drive D: | 265,85 Gb Total Space | 41,48 Gb Free Space | 15,60% Space Free | Partition Type: NTFS

Computer Name: TEO-PC | User Name: teo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.24 18:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teo\Desktop\OTL.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2010.12.17 17:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
PRC - [2010.11.01 13:03:14 | 000,139,088 | ---- | M] () -- C:\Program Files\ZTE Join Air\UIExec.exe
PRC - [2010.11.01 12:58:54 | 000,253,264 | ---- | M] () -- C:\Program Files\ZTE Join Air\AssistantServices.exe
PRC - [2010.06.28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.03.18 20:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2010.03.15 08:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010.03.11 08:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010.03.09 05:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010.01.22 06:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.07.14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.23 17:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2007.09.02 08:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.01.17 12:58:02 | 000,331,776 | ---- | M] () -- C:\Genius\BTCentre\gBTAutoScroll.exe
PRC - [2007.01.12 13:10:18 | 000,483,328 | ---- | M] (TODO: <Company name>) -- C:\Genius\BTCentre\gBTMouseTask.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.03.20 22:01:57 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3534.23515__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.03.20 22:01:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.03.20 22:01:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.03.20 22:01:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.03.20 22:01:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.03.20 22:01:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.03.20 22:01:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.03.20 22:01:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3534.23653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.03.20 22:01:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.03.20 22:01:42 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3534.23638__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.03.20 22:01:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.03.20 22:01:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.03.20 22:01:41 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3534.23535__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.03.20 22:01:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3534.23635__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.03.20 22:01:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3534.23514__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.03.20 22:01:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3534.23512__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.03.20 22:01:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.03.20 22:01:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.03.20 22:01:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3534.23521__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.03.20 22:01:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.03.20 22:01:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3534.23637__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.03.20 22:01:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3534.23511__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.03.20 18:51:50 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2010.12.17 17:13:00 | 000,049,664 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
MOD - [2010.12.17 17:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MOD - [2010.11.01 13:03:14 | 000,139,088 | ---- | M] () -- C:\Program Files\ZTE Join Air\UIExec.exe
MOD - [2009.12.12 13:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.14 04:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 04:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 04:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 04:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 04:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 04:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 04:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 04:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2007.09.02 08:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 08:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007.01.17 12:58:02 | 000,331,776 | ---- | M] () -- C:\Genius\BTCentre\gBTAutoScroll.exe


========== Services (SafeList) ==========

SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.06 12:47:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.08 21:07:38 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.22 15:25:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010.11.01 12:58:54 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.06.25 16:04:53 | 000,068,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.03.18 20:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (CrypKey License)
SRV - [2010.03.15 08:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 08:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.02.19 10:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.22 06:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.07.14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 06:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.31 13:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 13:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | Disabled | Running] -- C:\Users\teo\AppData\Local\Temp\yetntfsp.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\teo\AppData\Local\Temp\TMK72A4.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awpk7ony)
DRV - [2012.12.03 13:02:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.05.14 14:44:48 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.03.14 06:36:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.04.02 19:40:35 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010.03.29 07:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.03.18 23:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2010.02.24 10:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.06 07:49:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.06 07:49:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.08 14:39:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.09.27 07:46:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.27 13:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.13 23:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009.07.13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.04 14:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.05.26 02:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.02.24 16:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.08.26 06:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.03 13:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 13:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 13:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007.04.03 11:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus)
DRV - [2004.11.29 18:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004.11.25 16:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004.10.28 10:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{B344D934-D327-4015-AB9E-782627C2B1F5}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.privit...q={searchTerms}
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_EU
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{B344D934-D327-4015-AB9E-782627C2B1F5}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{DF1303B7-AC3E-445C-9BCE-0C0F4A2DDE30}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.privit...ize.com/?aff=7"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.privit....com/?aff=7&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\teo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\teo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 12:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 20:07:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 12:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 20:07:12 | 000,000,000 | ---D | M]

[2010.01.08 12:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teo\AppData\Roaming\Mozilla\Extensions
[2012.10.23 01:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teo\AppData\Roaming\Mozilla\Firefox\Profiles\ybdj3nci.default\extensions
[2011.12.04 19:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.06 12:47:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.03 20:08:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.26 00:25:58 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2013.01.24 17:57:52 | 000,000,019 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BTCentre] C:\Genius\BTCentre\gBTMouseTask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [jsafesurf] C:\Windows\Help32\safesurf.exe File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UIExec] C:\Program Files\ZTE Join Air\UIExec.exe ()
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [RssGqiad] C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingE1487] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\VPN.dll" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingE2379] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingE9687] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\uninstall.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\RunOnce: [SpybotDeletingF2321] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\VPN.dll" File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\RunOnce: [SpybotDeletingF6036] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe" File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\RunOnce: [SpybotDeletingF6109] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\uninstall.exe" File not found
O4 - Startup: C:\Users\teo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\teo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{679460D6-8304-4CA2-B7C6-1826307D1971}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97EF9BAF-8912-42D7-AC59-C7F0361C7B07}: DhcpNameServer = 109.246.240.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97EF9BAF-8912-42D7-AC59-C7F0361C7B07}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) - C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85fd23b3-dae5-11e0-9769-ee57e2403dae}\Shell - "" = AutoRun
O33 - MountPoints2\{85fd23b3-dae5-11e0-9769-ee57e2403dae}\Shell\AutoRun\command - "" = I:\Windows\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.24 18:55:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\teo\Desktop\OTL.exe
[2013.01.24 18:54:43 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\teo\Desktop\TDSSKiller.exe
[2013.01.24 17:55:14 | 000,000,000 | ---D | C] -- C:\Users\teo\Desktop\RK_Quarantine
[2013.01.23 23:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013.01.23 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.23 21:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.23 21:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.01.23 21:37:48 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.01.23 21:37:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.01.23 21:37:46 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.01.23 21:37:42 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.01.23 21:37:38 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.01.23 21:37:12 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.01.23 21:37:12 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2013.01.23 20:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.23 20:23:30 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Roaming\Malwarebytes
[2013.01.23 20:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.23 20:22:46 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\Programs
[2013.01.23 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.23 19:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.23 19:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2013.01.23 19:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2013.01.23 19:03:55 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\Avg2013
[2013.01.23 19:03:54 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\MFAData
[2013.01.23 18:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.01.23 16:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\teo\Desktop\*.tmp files -> C:\Users\teo\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\teo\*.tmp files -> C:\Users\teo\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.24 18:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000UA.job
[2013.01.24 18:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teo\Desktop\OTL.exe
[2013.01.24 18:19:58 | 005,419,212 | ---- | M] () -- C:\Users\teo\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013.01.24 18:10:26 | 001,897,963 | ---- | M] () -- C:\Users\teo\Desktop\MGtools.exe
[2013.01.24 18:09:38 | 000,635,864 | ---- | M] () -- C:\Users\teo\Desktop\cbsidlm-tr1_10a-HitmanPro_3_32bit-ORG-10895604.exe
[2013.01.24 18:07:18 | 002,193,345 | ---- | M] () -- C:\Users\teo\Desktop\tdsskiller.zip
[2013.01.24 17:57:52 | 000,000,019 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.24 17:53:15 | 000,768,512 | ---- | M] () -- C:\Users\teo\Desktop\RogueKiller.exe
[2013.01.24 17:48:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 17:48:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 17:41:07 | 000,002,268 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.24 17:39:41 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.01.24 17:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 17:39:27 | 2360,782,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.23 22:08:13 | 000,444,830 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2013.01.23 21:46:48 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 21:37:49 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.23 21:37:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.01.23 20:27:28 | 000,000,055 | ---- | M] () -- C:\Users\teo\AppData\Roaming\mbam.context.scan
[2013.01.23 17:34:25 | 000,101,160 | ---- | M] () -- C:\Users\teo\865126897.exe
[2013.01.23 16:38:32 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000Core.job
[2013.01.23 16:34:44 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013.01.22 17:57:29 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
[2013.01.20 14:56:48 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2013.01.17 11:36:27 | 000,080,617 | ---- | M] () -- C:\Users\teo\Desktop\Morningstar® Integrated Web Tools™ - High Low Prices.htm
[2013.01.13 17:16:12 | 003,766,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\teo\Desktop\*.tmp files -> C:\Users\teo\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\teo\*.tmp files -> C:\Users\teo\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.24 18:19:47 | 005,419,212 | ---- | C] () -- C:\Users\teo\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013.01.24 18:10:25 | 001,897,963 | ---- | C] () -- C:\Users\teo\Desktop\MGtools.exe
[2013.01.24 18:09:35 | 000,635,864 | ---- | C] () -- C:\Users\teo\Desktop\cbsidlm-tr1_10a-HitmanPro_3_32bit-ORG-10895604.exe
[2013.01.24 18:07:13 | 002,193,345 | ---- | C] () -- C:\Users\teo\Desktop\tdsskiller.zip
[2013.01.24 17:53:00 | 000,768,512 | ---- | C] () -- C:\Users\teo\Desktop\RogueKiller.exe
[2013.01.23 21:46:48 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 21:37:49 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.23 20:27:28 | 000,000,055 | ---- | C] () -- C:\Users\teo\AppData\Roaming\mbam.context.scan
[2013.01.23 17:43:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2013.01.23 17:34:25 | 000,101,160 | ---- | C] () -- C:\Users\teo\865126897.exe
[2013.01.23 16:34:44 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013.01.17 11:36:16 | 000,080,617 | ---- | C] () -- C:\Users\teo\Desktop\Morningstar® Integrated Web Tools™ - High Low Prices.htm
[2012.12.03 18:22:54 | 000,727,952 | ---- | C] () -- C:\Windows\System32\WSCM64.dll
[2012.12.03 18:22:54 | 000,159,120 | ---- | C] () -- C:\Windows\System32\WSCM32.dll
[2012.10.08 18:39:31 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssj1mlm.dll
[2012.06.30 09:28:47 | 000,002,268 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.19 12:48:47 | 000,000,093 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.07 04:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2012.02.24 13:38:53 | 000,003,584 | ---- | C] () -- C:\Users\teo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.14 19:07:24 | 000,000,132 | ---- | C] () -- C:\Users\teo\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.29 23:21:44 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011.11.17 19:04:58 | 000,000,059 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011.11.17 19:04:45 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011.11.17 19:04:45 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011.08.04 22:31:46 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011.04.23 17:26:08 | 000,001,456 | ---- | C] () -- C:\Users\teo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.04.22 21:23:35 | 000,000,027 | ---- | C] () -- C:\Users\teo\xStream_Render_Node.cfg
[2011.03.16 21:46:37 | 000,000,632 | RHS- | C] () -- C:\Users\teo\ntuser.pol
[2010.11.07 22:04:59 | 000,000,274 | ---- | C] () -- C:\Users\teo\FOX-Free Objects for Crystallography.ini
[2010.05.29 18:13:11 | 000,007,634 | ---- | C] () -- C:\Users\teo\AppData\Local\resmon.resmoncfg
[2010.04.02 19:43:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.03.10 09:36:54 | 000,033,861 | ---- | C] () -- C:\Users\teo\AppData\Roaming\SQLite3.dll

========== ZeroAccess Check ==========

[2009.07.14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.09.14 09:45:00 | 012,969,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009.07.14 01:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009.07.14 01:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
No service found with a name of ALG
SRV - [2009.07.14 01:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009.07.14 01:14:59 | 000,493,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009.07.14 01:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009.07.14 01:15:00 | 000,102,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2009.07.14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009.07.14 01:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009.07.14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 01:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 01:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV - [2009.07.14 01:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 01:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 01:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 01:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009.07.14 01:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 01:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009.07.14 01:16:17 | 000,294,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2009.07.14 01:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009.07.14 01:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 01:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009.07.14 01:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009.07.14 01:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 01:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009.07.14 01:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2009.07.14 01:16:15 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009.07.14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2009.07.14 01:16:13 | 000,743,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009.07.14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.08.01 22:18:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 01:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009.07.14 01:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009.07.14 01:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009.07.14 01:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009.07.14 01:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009.07.14 01:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV - [2009.07.14 01:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2009.07.14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 01:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009.07.14 01:16:21 | 001,912,832 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009.07.14 01:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 01:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009.07.14 01:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: SERVICES >
[2009.06.10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009.07.14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009.07.14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009.07.14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >

< MD5 for: SERVICES.MOF >
[2009.06.10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009.07.14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009.07.14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009.07.14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009.07.13 21:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009.07.13 21:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2D4B33E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


#7
castravete

  • Topic Starter
  • 10 posts
Extras.txt



OTL Extras logfile created on: 24.01.2013 19:02:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 66,39% Memory free
5,86 Gb Paging File | 4,73 Gb Available in Paging File | 80,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,23 Gb Total Space | 7,71 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
Drive D: | 265,85 Gb Total Space | 41,48 Gb Free Space | 15,60% Space Free | Partition Type: NTFS

Computer Name: TEO-PC | User Name: teo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- "D:\macr x\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "D:\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
jsfile [open] -- "D:\macr x\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\New folder\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
"FirewallOverride" = 1
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0279A9AB-01C3-CD2C-837C-29861A0C863F}" = CCC Help Swedish
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C8CB2A-C6E8-EEF7-6388-B533685F6D7A}" = CCC Help Czech
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64E4CC-F3F5-E222-E59F-6A5B014C8F25}" = Catalyst Control Center Localization All
"{0EB727B6-3814-4E6B-1617-CC39A166651D}" = ccc-utility
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.30.0.75
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.5
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2AE1A3BF-EE97-8F00-4BB1-B7F6B85C09BC}" = CCC Help French
"{2BA0A20B-B1D9-29C2-74B3-9BC7F2B0A11C}" = Catalyst Control Center Graphics Full Existing
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32F58E0F-3C9F-4D14-BDF2-A8FAB455AFF2}" = AVG 2013
"{3424165E-3CC9-A6E0-12A6-5BE273FD2636}" = CCC Help Dutch
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
"{36E782E5-95A5-4B32-B493-DA05F9A6B560}" = BTCentre
"{3B42F282-B492-7489-201D-6BC9BB1D43D5}" = Catalyst Control Center InstallProxy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C76A500-2852-4848-9555-1DB015ABD439}" = NinjaTrader 7
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45E08245-F4FD-092A-D5CD-7CF541F80293}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50606891-5582-1C25-ACDC-E7DEDAD4DD19}" = CCC Help Chinese Traditional
"{54199443-342B-4162-B10D-CAA1C211E7A6}" = 3ds max 7 Architectural Materials
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{549AAD20-ED05-CE3A-B199-BC3D1ACE90B6}" = CCC Help Turkish
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{581C4F63-1B66-AAB2-F33D-05262CE58B25}" = CCC Help Danish
"{5EB4C5CA-962C-486B-81FF-A41B7B8FFBEC}" = 3ds max 7 Additional Maps and Materials
"{5FEF46AD-C410-E866-7FD5-872FB9F26A9D}" = ATI Catalyst Install Manager
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6910C412-A523-493C-BC22-0213CD7F4F3A}" = Industry Giant 2 - Gold Edition
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{703D2082-C8A8-06AE-76E5-1A03FF975621}" = CCC Help German
"{70BBB25F-0B2D-4EB5-B867-0D0E7CB5067F}" = AceReader Pro Deluxe Plus
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{738F8C78-BAAD-8FF4-F6E2-E825FB9C98E5}" = CCC Help Portuguese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8996E652-FCF2-840B-C7DF-9A2EA5DC6053}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A855257-A669-5D67-936E-07314EB19472}" = CCC Help Polish
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97660DB2-EF86-7489-52EC-87C15D64D812}" = CCC Help Spanish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English
"{9F8A956D-99F8-0DC1-5FD9-01AD022BC673}" = Catalyst Control Center Graphics Previews Vista
"{A34E6764-8BF0-A215-9C29-51CCD48FD891}" = CCC Help Chinese Standard
"{A4AA2BCD-6924-41C2-CA8B-C8D617602921}" = Catalyst Control Center Graphics Full New
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF250BF-1FD9-023C-088B-F178C48BC0E2}" = CCC Help Thai
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C1B36C7D-331F-BB66-5A0C-8C97FD956786}" = CCC Help English
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA38C8A-1F5A-7177-BF84-F12F54236027}" = ccc-core-static
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.92.624
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE5F0D0C-4398-2B93-BA14-DEAE92D57DEB}" = CCC Help Hungarian
"{E23D82D4-12E4-0966-9777-79A0A176C6E0}" = CCC Help Russian
"{E5F6E1A6-44AA-4CF7-883E-4F7FA7C4BCA5}" = 3ds max 7 Reference Files
"{E632763D-0D23-8560-2373-E8DE6443D7F9}" = CCC Help Finnish
"{E6F5ADD7-8B77-7650-F4C5-5DF847788229}" = CCC Help Greek
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68386EB-DDD6-0BAA-699B-65EAB94E42E4}" = Catalyst Control Center Core Implementation
"{F7633A58-230B-BCE1-5CDB-4D1FC5C98B44}" = CCC Help Japanese
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FC0B6AA4-C606-2AE5-4111-A9C3288FBF15}" = CCC Help Italian
"{FD7BC32A-1824-343F-B213-14A5626ABA23}" = CCC Help Korean
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5730-6571-9917-5170" = NetLogo 5.0
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.5.7
"Apex PDF Encryption Software 2.3.8.2" = Apex PDF Encryption Software 2.3.8.2
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BSPlayerf" = BS.Player FREE
"BusinessCardsMX3_is1" = BusinessCardsMX 3.94
"CCleaner" = CCleaner
"CCleaner_is1" = CCleaner 2.13.720
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"CureROM" = CureROM Pro 1.3.1
"ExpressBurn" = Express Burn Disc Burning Software
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Hamachi" = Hamachi 1.0.1.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"IndustryPlayer 6" = IndustryPlayer 6
"Kengeki Gaiden" = Kengeki Gaiden 1.82
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.4
"Lux Delux_is1" = Lux Delux 5.61
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mendeley Desktop" = Mendeley Desktop 1.1.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mount&Blade" = Mount&Blade
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Myth II Demo" = Myth II Demo
"Notepad++" = Notepad++
"Plus500" = Plus500
"PokerStars" = PokerStars
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-2160 Series" = Samsung ML-2160 Series
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Printer Live Update" = Samsung Printer Live Update
"Shockwave" = Shockwave
"Shutdown Timer_is1" = Shutdown Timer 1.1
"Speed Reader - X" = Speed Reader - X 5.0.20
"Spyware Doctor" = Spyware Doctor 7.0
"Stockhit Terminal" = Stockhit Terminal 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Text To PDF_is1" = Text To PDF
"TVWiz" = Intel® TV Wizard
"Tzar" = Tzar
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English
"VLC media player" = VLC media player 1.1.11
"Vue 6 xStream 32bit" = Vue 6 xStream 32bit
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 6.0.0.18)
"Xilisoft MP4 Converter" = Xilisoft MP4 Converter
"Yahoo! Messenger" = Yahoo! Messenger
"YouTube Downloader_is1" = YouTube Downloader 2.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.12.2012 17:56:08 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: isuspm.exe, version: 3.0.100.1131, time
stamp: 0x40816c48 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdaca Exception code: 0xc0000005 Fault offset: 0x00003e8d Faulting process
id: 0x3cc Faulting application start time: 0x01cdd26a167e94b6 Faulting application
path: c:\program files\common files\installshield\updateservice\isuspm.exe Faulting
module path: C:\Windows\system32\OLEAUT32.dll Report Id: 680fa390-3e5d-11e2-b96e-ca31368172c1

Error - 06.12.2012 10:16:40 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PrivitizeVPN.exe, version: 1.0.0.1, time
stamp: 0x504dc7c1 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000374 Fault offset: 0x000c283b Faulting process
id: 0x16d0 Faulting application start time: 0x01cdd1725ab1cc04 Faulting application
path: C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8d5bf1c3-3faf-11e2-b96e-ca31368172c1

Error - 11.12.2012 17:55:57 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: isuspm.exe, version: 3.0.100.1131, time
stamp: 0x40816c48 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdaca Exception code: 0xc0000005 Fault offset: 0x00003e8d Faulting process
id: 0x6c8 Faulting application start time: 0x01cdd7ea42e89743 Faulting application
path: c:\program files\common files\installshield\updateservice\isuspm.exe Faulting
module path: C:\Windows\system32\OLEAUT32.dll Report Id: 8a3fb388-43dd-11e2-b96e-ca31368172c1

Error - 13.01.2013 11:56:00 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: isuspm.exe, version: 3.0.100.1131, time
stamp: 0x40816c48 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdaca Exception code: 0xc0000005 Fault offset: 0x00003e8d Faulting process
id: 0x2e8 Faulting application start time: 0x01cdf1a65423fdb2 Faulting application
path: c:\program files\common files\installshield\updateservice\isuspm.exe Faulting
module path: C:\Windows\system32\OLEAUT32.dll Report Id: b9066676-5d99-11e2-b96e-ca31368172c1

Error - 13.01.2013 13:17:03 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AssistantServices.exe, version: 0.0.0.0,
time stamp: 0x4cbbf1c1 Faulting module name: AssistantServices.exe, version: 0.0.0.0,
time stamp: 0x4cbbf1c1 Exception code: 0xc0000417 Fault offset: 0x0000ee9a Faulting
process id: 0xc10 Faulting application start time: 0x01cdf1b1c37b68a2 Faulting application
path: C:\Program Files\ZTE Join Air\AssistantServices.exe Faulting module path:
C:\Program Files\ZTE Join Air\AssistantServices.exe Report Id: 0b984e0e-5da5-11e2-8f06-dd7d7fde43c9

Error - 13.01.2013 16:17:47 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time
stamp: 0x4f15f44a Faulting module name: launcher.maestro.dll, version: 1.0.0.29,
time stamp: 0x4e32067a Exception code: 0xc0000005 Fault offset: 0x000022f6 Faulting
process id: 0x1a0c Faulting application start time: 0x01cdf1b3cebebf13 Faulting application
path: D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
Faulting
module path: D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\launcher.maestro.dll
Report
Id: 4b2b7063-5dbe-11e2-8f06-dd7d7fde43c9

Error - 20.01.2013 10:56:58 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: isuspm.exe, version: 3.0.100.1131, time
stamp: 0x40816c48 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdaca Exception code: 0xc0000005 Fault offset: 0x00003e8d Faulting process
id: 0x2048 Faulting application start time: 0x01cdf71e4ffb07a0 Faulting application
path: c:\program files\common files\installshield\updateservice\isuspm.exe Faulting
module path: C:\Windows\system32\OLEAUT32.dll Report Id: a31c0b25-6311-11e2-8f06-dd7d7fde43c9

Error - 23.01.2013 15:30:43 | Computer Name = teo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0xf36bac23 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdaae Exception code: 0xe06d7363 Fault offset: 0x00009617 Faulting
process id: 0x1198 Faulting application start time: 0x01cdf9a00f3d515d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 601a4fd4-6593-11e2-8649-b6839db6336d

Error - 23.01.2013 17:36:40 | Computer Name = teo-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswMonFlt. System Error: The system cannot find the file specified. .

Error - 23.01.2013 18:53:23 | Computer Name = teo-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 12.09.2010 07:55:24 | Computer Name = teo-PC | Source = MCUpdate | ID = 0
Description = 2:55:10 PM - Error connecting to the internet. 2:55:10 PM - Unable
to contact server..

Error - 19.09.2010 06:49:03 | Computer Name = teo-PC | Source = MCUpdate | ID = 0
Description = 1:48:38 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 17.03.2011 09:29:15 | Computer Name = teo-PC | Source = MCUpdate | ID = 0
Description = 3:29:12 PM - Error connecting to the internet. 3:29:12 PM - Unable
to contact server..

Error - 17.03.2011 16:31:06 | Computer Name = teo-PC | Source = MCUpdate | ID = 0
Description = 10:31:05 PM - Error connecting to the internet. 10:31:05 PM - Unable
to contact server..

Error - 23.03.2011 06:22:58 | Computer Name = teo-PC | Source = MCUpdate | ID = 0
Description = 12:22:57 PM - Error connecting to the internet. 12:22:57 PM - Unable
to contact server..

Error - 28.03.2011 06:08:57 | Computer Name = teo-PC | Source = MCUpdate | ID = 0
Description = 1:08:56 PM - Error connecting to the internet. 1:08:56 PM - Unable
to contact server..

[ OSession Events ]
Error - 11.03.2010 14:55:31 | Computer Name = teo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24.01.2013 13:37:59 | Computer Name = teo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 24.01.2013 13:38:29 | Computer Name = teo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Spooler service.

Error - 24.01.2013 13:39:17 | Computer Name = teo-PC | Source = Application Popup | ID = 875
Description = Driver sfsync02.sys has been blocked from loading.

Error - 24.01.2013 13:39:20 | Computer Name = teo-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys has been blocked from loading.

Error - 24.01.2013 13:40:03 | Computer Name = teo-PC | Source = Service Control Manager | ID = 7003
Description = The Spybot-S&D 2 Security Center Service service depends the following
service: wscsvc. This service might not be installed.

Error - 24.01.2013 13:41:43 | Computer Name = teo-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 24.01.2013 13:41:44 | Computer Name = teo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfdrv01 sfsync02

Error - 24.01.2013 13:42:02 | Computer Name = teo-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 24.01.2013 13:54:49 | Computer Name = teo-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 24.01.2013 14:54:40 | Computer Name = teo-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.


< End of report >

and OTL.txt

OTL logfile created on: 24.01.2013 19:02:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 66,39% Memory free
5,86 Gb Paging File | 4,73 Gb Available in Paging File | 80,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,23 Gb Total Space | 7,71 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
Drive D: | 265,85 Gb Total Space | 41,48 Gb Free Space | 15,60% Space Free | Partition Type: NTFS

Computer Name: TEO-PC | User Name: teo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.24 18:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teo\Desktop\OTL.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2010.12.17 17:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
PRC - [2010.11.01 13:03:14 | 000,139,088 | ---- | M] () -- C:\Program Files\ZTE Join Air\UIExec.exe
PRC - [2010.11.01 12:58:54 | 000,253,264 | ---- | M] () -- C:\Program Files\ZTE Join Air\AssistantServices.exe
PRC - [2010.06.28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.03.18 20:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2010.03.15 08:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010.03.11 08:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010.03.09 05:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010.01.22 06:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.07.14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.23 17:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2007.09.02 08:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.01.17 12:58:02 | 000,331,776 | ---- | M] () -- C:\Genius\BTCentre\gBTAutoScroll.exe
PRC - [2007.01.12 13:10:18 | 000,483,328 | ---- | M] (TODO: <Company name>) -- C:\Genius\BTCentre\gBTMouseTask.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.03.20 22:01:57 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3534.23515__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.03.20 22:01:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.03.20 22:01:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.03.20 22:01:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.03.20 22:01:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.03.20 22:01:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.03.20 22:01:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.03.20 22:01:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3534.23653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.03.20 22:01:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.03.20 22:01:42 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3534.23638__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.03.20 22:01:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.03.20 22:01:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.03.20 22:01:41 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3534.23535__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.03.20 22:01:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3534.23635__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.03.20 22:01:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3534.23514__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.03.20 22:01:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3534.23512__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.03.20 22:01:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.03.20 22:01:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.03.20 22:01:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3534.23521__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.03.20 22:01:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.03.20 22:01:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3534.23637__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.03.20 22:01:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3534.23511__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.03.20 18:51:50 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2010.12.17 17:13:00 | 000,049,664 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
MOD - [2010.12.17 17:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MOD - [2010.11.01 13:03:14 | 000,139,088 | ---- | M] () -- C:\Program Files\ZTE Join Air\UIExec.exe
MOD - [2009.12.12 13:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.14 04:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 04:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 04:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 04:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 04:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 04:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 04:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 04:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2007.09.02 08:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 08:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007.01.17 12:58:02 | 000,331,776 | ---- | M] () -- C:\Genius\BTCentre\gBTAutoScroll.exe


========== Services (SafeList) ==========

SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.06 12:47:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.08 21:07:38 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.22 15:25:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010.11.01 12:58:54 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.06.25 16:04:53 | 000,068,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.03.18 20:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (CrypKey License)
SRV - [2010.03.15 08:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 08:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.02.19 10:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.22 06:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.07.14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 06:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.31 13:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 13:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | Disabled | Running] -- C:\Users\teo\AppData\Local\Temp\yetntfsp.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\teo\AppData\Local\Temp\TMK72A4.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awpk7ony)
DRV - [2012.12.03 13:02:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.05.14 14:44:48 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.03.14 06:36:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.04.02 19:40:35 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010.03.29 07:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.03.18 23:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2010.02.24 10:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.06 07:49:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.06 07:49:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.08 14:39:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.09.27 07:46:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.27 13:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.13 23:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009.07.13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.04 14:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.05.26 02:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.02.24 16:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.08.26 06:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.03 13:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 13:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 13:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007.04.03 11:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus)
DRV - [2004.11.29 18:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004.11.25 16:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004.10.28 10:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{B344D934-D327-4015-AB9E-782627C2B1F5}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.privit...q={searchTerms}
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_EU
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{B344D934-D327-4015-AB9E-782627C2B1F5}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\SearchScopes\{DF1303B7-AC3E-445C-9BCE-0C0F4A2DDE30}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.privit...ize.com/?aff=7"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.privit....com/?aff=7&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\teo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\teo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 12:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 20:07:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 12:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 20:07:12 | 000,000,000 | ---D | M]

[2010.01.08 12:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teo\AppData\Roaming\Mozilla\Extensions
[2012.10.23 01:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teo\AppData\Roaming\Mozilla\Firefox\Profiles\ybdj3nci.default\extensions
[2011.12.04 19:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.06 12:47:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.03 20:08:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.26 00:25:58 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2013.01.24 17:57:52 | 000,000,019 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BTCentre] C:\Genius\BTCentre\gBTMouseTask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [jsafesurf] C:\Windows\Help32\safesurf.exe File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UIExec] C:\Program Files\ZTE Join Air\UIExec.exe ()
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [RssGqiad] C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingE1487] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\VPN.dll" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingE2379] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingE9687] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\uninstall.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\RunOnce: [SpybotDeletingF2321] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\VPN.dll" File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\RunOnce: [SpybotDeletingF6036] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe" File not found
O4 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000..\RunOnce: [SpybotDeletingF6109] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\PrivitizeVPN\uninstall.exe" File not found
O4 - Startup: C:\Users\teo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2549153393-2252973610-2979537789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\teo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{679460D6-8304-4CA2-B7C6-1826307D1971}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97EF9BAF-8912-42D7-AC59-C7F0361C7B07}: DhcpNameServer = 109.246.240.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97EF9BAF-8912-42D7-AC59-C7F0361C7B07}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) - C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85fd23b3-dae5-11e0-9769-ee57e2403dae}\Shell - "" = AutoRun
O33 - MountPoints2\{85fd23b3-dae5-11e0-9769-ee57e2403dae}\Shell\AutoRun\command - "" = I:\Windows\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.24 18:55:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\teo\Desktop\OTL.exe
[2013.01.24 18:54:43 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\teo\Desktop\TDSSKiller.exe
[2013.01.24 17:55:14 | 000,000,000 | ---D | C] -- C:\Users\teo\Desktop\RK_Quarantine
[2013.01.23 23:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013.01.23 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.23 21:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.23 21:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.01.23 21:37:48 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.01.23 21:37:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.01.23 21:37:46 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.01.23 21:37:42 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.01.23 21:37:38 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.01.23 21:37:12 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.01.23 21:37:12 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2013.01.23 20:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.23 20:23:30 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Roaming\Malwarebytes
[2013.01.23 20:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.23 20:22:46 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\Programs
[2013.01.23 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.23 19:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.23 19:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2013.01.23 19:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2013.01.23 19:03:55 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\Avg2013
[2013.01.23 19:03:54 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\MFAData
[2013.01.23 18:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.01.23 16:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\teo\Desktop\*.tmp files -> C:\Users\teo\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\teo\*.tmp files -> C:\Users\teo\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.24 18:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000UA.job
[2013.01.24 18:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teo\Desktop\OTL.exe
[2013.01.24 18:19:58 | 005,419,212 | ---- | M] () -- C:\Users\teo\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013.01.24 18:10:26 | 001,897,963 | ---- | M] () -- C:\Users\teo\Desktop\MGtools.exe
[2013.01.24 18:09:38 | 000,635,864 | ---- | M] () -- C:\Users\teo\Desktop\cbsidlm-tr1_10a-HitmanPro_3_32bit-ORG-10895604.exe
[2013.01.24 18:07:18 | 002,193,345 | ---- | M] () -- C:\Users\teo\Desktop\tdsskiller.zip
[2013.01.24 17:57:52 | 000,000,019 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.24 17:53:15 | 000,768,512 | ---- | M] () -- C:\Users\teo\Desktop\RogueKiller.exe
[2013.01.24 17:48:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 17:48:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 17:41:07 | 000,002,268 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.24 17:39:41 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.01.24 17:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 17:39:27 | 2360,782,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.23 22:08:13 | 000,444,830 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2013.01.23 21:46:48 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 21:37:49 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.23 21:37:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.01.23 20:27:28 | 000,000,055 | ---- | M] () -- C:\Users\teo\AppData\Roaming\mbam.context.scan
[2013.01.23 17:34:25 | 000,101,160 | ---- | M] () -- C:\Users\teo\865126897.exe
[2013.01.23 16:38:32 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000Core.job
[2013.01.23 16:34:44 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013.01.22 17:57:29 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
[2013.01.20 14:56:48 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2013.01.17 11:36:27 | 000,080,617 | ---- | M] () -- C:\Users\teo\Desktop\Morningstar® Integrated Web Tools™ - High Low Prices.htm
[2013.01.13 17:16:12 | 003,766,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\teo\Desktop\*.tmp files -> C:\Users\teo\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\teo\*.tmp files -> C:\Users\teo\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.24 18:19:47 | 005,419,212 | ---- | C] () -- C:\Users\teo\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013.01.24 18:10:25 | 001,897,963 | ---- | C] () -- C:\Users\teo\Desktop\MGtools.exe
[2013.01.24 18:09:35 | 000,635,864 | ---- | C] () -- C:\Users\teo\Desktop\cbsidlm-tr1_10a-HitmanPro_3_32bit-ORG-10895604.exe
[2013.01.24 18:07:13 | 002,193,345 | ---- | C] () -- C:\Users\teo\Desktop\tdsskiller.zip
[2013.01.24 17:53:00 | 000,768,512 | ---- | C] () -- C:\Users\teo\Desktop\RogueKiller.exe
[2013.01.23 21:46:48 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 21:46:48 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 21:37:49 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.23 20:27:28 | 000,000,055 | ---- | C] () -- C:\Users\teo\AppData\Roaming\mbam.context.scan
[2013.01.23 17:43:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2013.01.23 17:34:25 | 000,101,160 | ---- | C] () -- C:\Users\teo\865126897.exe
[2013.01.23 16:34:44 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013.01.17 11:36:16 | 000,080,617 | ---- | C] () -- C:\Users\teo\Desktop\Morningstar® Integrated Web Tools™ - High Low Prices.htm
[2012.12.03 18:22:54 | 000,727,952 | ---- | C] () -- C:\Windows\System32\WSCM64.dll
[2012.12.03 18:22:54 | 000,159,120 | ---- | C] () -- C:\Windows\System32\WSCM32.dll
[2012.10.08 18:39:31 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssj1mlm.dll
[2012.06.30 09:28:47 | 000,002,268 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.19 12:48:47 | 000,000,093 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.07 04:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2012.02.24 13:38:53 | 000,003,584 | ---- | C] () -- C:\Users\teo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.14 19:07:24 | 000,000,132 | ---- | C] () -- C:\Users\teo\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.29 23:21:44 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011.11.17 19:04:58 | 000,000,059 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011.11.17 19:04:45 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011.11.17 19:04:45 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011.08.04 22:31:46 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011.04.23 17:26:08 | 000,001,456 | ---- | C] () -- C:\Users\teo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.04.22 21:23:35 | 000,000,027 | ---- | C] () -- C:\Users\teo\xStream_Render_Node.cfg
[2011.03.16 21:46:37 | 000,000,632 | RHS- | C] () -- C:\Users\teo\ntuser.pol
[2010.11.07 22:04:59 | 000,000,274 | ---- | C] () -- C:\Users\teo\FOX-Free Objects for Crystallography.ini
[2010.05.29 18:13:11 | 000,007,634 | ---- | C] () -- C:\Users\teo\AppData\Local\resmon.resmoncfg
[2010.04.02 19:43:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.03.10 09:36:54 | 000,033,861 | ---- | C] () -- C:\Users\teo\AppData\Roaming\SQLite3.dll

========== ZeroAccess Check ==========

[2009.07.14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.09.14 09:45:00 | 012,969,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009.07.14 01:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009.07.14 01:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
No service found with a name of ALG
SRV - [2009.07.14 01:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009.07.14 01:14:59 | 000,493,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009.07.14 01:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009.07.14 01:15:00 | 000,102,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2009.07.14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009.07.14 01:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009.07.14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 01:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 01:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV - [2009.07.14 01:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 01:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 01:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 01:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009.07.14 01:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 01:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009.07.14 01:16:17 | 000,294,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2009.07.14 01:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009.07.14 01:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 01:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009.07.14 01:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009.07.14 01:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 01:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009.07.14 01:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2009.07.14 01:16:15 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009.07.14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2009.07.14 01:16:13 | 000,743,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009.07.14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.08.01 22:18:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 01:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009.07.14 01:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009.07.14 01:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009.07.14 01:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009.07.14 01:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009.07.14 01:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV - [2009.07.14 01:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2009.07.14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 01:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009.07.14 01:16:21 | 001,912,832 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009.07.14 01:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 01:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009.07.14 01:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: SERVICES >
[2009.06.10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009.07.14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009.07.14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009.07.14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.MOF >
[2009.06.10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009.07.14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009.07.14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009.07.14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009.07.13 21:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009.07.13 21:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2D4B33E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this one can be a bit of a beast to remove sometimes

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | Disabled | Running] -- C:\Users\teo\AppData\Local\Temp\yetntfsp.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awpk7ony)
O20 - HKLM Winlogon: UserInit - (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) - C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe File not found

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and install Combofix. Rename Combofix to Gotcha prior to running.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0
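The entries listed under :OTL in post #8 can be triaged mechanically from an OTL log. The sketch below is an added example, not part of the thread and not OTL's own logic; the function names are hypothetical, the expected UserInit value assumes %SystemRoot% = C:\Windows as the logs on this page report, and the last sample line is constructed.

```python
import ntpath
import re

# DRV lines and the first O20 line are copied from the OTL output quoted on
# this page; the final O20 line is constructed to show a clean system's value.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Disabled | Running] -- C:\Users\teo\AppData\Local\Temp\yetntfsp.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awpk7ony)
DRV - [2012.12.03 13:02:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\teo\AppData\Local\Temp\catchme.sys -- (catchme)
O20 - HKLM Winlogon: UserInit - (C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe) - C:\Users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
""".strip().splitlines()

# "DRV - <file info> [type | start | state] -- <image path> -- (<service name>)"
# The image path may be empty, as in the awpk7ony line.
DRV_RE = re.compile(
    r"^DRV - (?P<meta>File not found|\[.*?\] \(.*?\)) "
    r"\[(?P<kind>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\] "
    r"--\s*(?P<path>.*?)\s*-- \((?P<name>.*)\)$"
)
O20_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>.*?)\) - ")

# Locations an unprivileged process can normally write to (assumed list).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def check_driver(line):
    """Return (service name, reasons) for a DRV line, or None if not a DRV line."""
    m = DRV_RE.match(line)
    if not m:
        return None
    path = m["path"].lower()
    reasons = []
    if not path:
        reasons.append("service has no image path")
    elif any(marker in path for marker in USER_WRITABLE):
        reasons.append("driver image in a user-writable directory")
    if m["meta"] == "File not found" and m["state"] == "Running":
        reasons.append("reported Running but image is missing on disk")
    return (m["name"], reasons)


def check_userinit(line):
    """Return (registry value, reasons) for a Winlogon UserInit line, or None."""
    m = O20_RE.match(line)
    if not m:
        return None
    # The registry value usually carries a trailing comma; ignore it.
    value = ntpath.normpath(m["value"].strip().rstrip(",")).lower()
    reasons = []
    if value != EXPECTED_USERINIT:
        reasons.append("Winlogon UserInit does not point at system32\\userinit.exe")
    return (m["value"], reasons)


def triage(lines):
    """Collect every parsed entry that has at least one reason attached."""
    findings = []
    for line in lines:
        result = check_driver(line) or check_userinit(line)
        if result and result[1]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

A hit is a triage hint, not a verdict: the catchme entry is flagged on its location alone, and each finding still needs a human decision before it goes into a fix script.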

#9
castravete

    Member

  • Topic Starter
  • Member
  • 10 posts
Chrome works, Avast works apparently, windows firewall was turned on. User Account Control is back into my hands. Yahoo messenger also works. The pc moves fine and seems to be in good condition. I have attached the report from ComboFix. It seems to be a very powerful tool. After first reboot, couldn't open any browser. I rebooted again and the problem was fixed.

A million thanks for helping me. I will be able to finish my work in time now. What was the problem? What type of malware did I encounter?

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For info you had Trojan-Dropper.Win32.Lebag.oub
This has a data stealing capability so I would recommend that you now change all your online passwords and monitor any online banking sites

This one went a bit easier than normal, after this run can you let me know what problems remain

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
c:\users\teo\AppData\Local\jmbtgiqm

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0


#11
castravete

    Member

  • Topic Starter
  • Member
  • 10 posts
I will follow these steps and in 12 hours I will post the results.
  • 0

#12
castravete

    Member

  • Topic Starter
  • Member
  • 10 posts
OTL logfile created on: 26.01.2013 12:43:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\teo\Desktop\Repair Kit
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,98% Memory free
5,86 Gb Paging File | 4,00 Gb Available in Paging File | 68,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,23 Gb Total Space | 6,85 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 265,85 Gb Total Space | 53,20 Gb Free Space | 20,01% Space Free | Partition Type: NTFS

Computer Name: TEO-PC | User Name: teo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.24 18:56:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\teo\Desktop\Repair Kit\OTL.exe
PRC - [2010.12.17 17:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
PRC - [2010.11.01 13:03:14 | 000,139,088 | ---- | M] () -- C:\Program Files\ZTE Join Air\UIExec.exe
PRC - [2010.11.01 12:58:54 | 000,253,264 | ---- | M] () -- C:\Program Files\ZTE Join Air\AssistantServices.exe
PRC - [2010.06.28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.06.28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.03.18 20:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2010.03.15 08:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010.03.11 08:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010.03.09 05:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010.01.22 06:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.07.14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.09.02 08:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.01.17 12:58:02 | 000,331,776 | ---- | M] () -- C:\Genius\BTCentre\gBTAutoScroll.exe
PRC - [2007.01.12 13:10:18 | 000,483,328 | ---- | M] (TODO: <Company name>) -- C:\Genius\BTCentre\gBTMouseTask.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.18 08:07:02 | 012,459,472 | ---- | M] () -- C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013.01.18 08:07:02 | 000,460,240 | ---- | M] () -- C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013.01.18 08:07:01 | 004,012,496 | ---- | M] () -- C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013.01.18 08:06:15 | 000,597,968 | ---- | M] () -- C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013.01.18 08:06:15 | 000,124,368 | ---- | M] () -- C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013.01.18 08:06:13 | 001,552,848 | ---- | M] () -- C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2011.03.20 22:01:57 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3534.23515__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.03.20 22:01:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.03.20 22:01:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.03.20 22:01:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.03.20 22:01:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.03.20 22:01:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.03.20 22:01:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.03.20 22:01:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.03.20 22:01:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.03.20 22:01:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3534.23653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.03.20 22:01:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.03.20 22:01:42 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3534.23638__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.03.20 22:01:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.03.20 22:01:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.03.20 22:01:41 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3534.23535__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.03.20 22:01:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3534.23635__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.03.20 22:01:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3534.23514__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.03.20 22:01:41 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3534.23512__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.03.20 22:01:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.03.20 22:01:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.03.20 22:01:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3534.23521__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.03.20 22:01:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.03.20 22:01:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.03.20 22:01:40 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3534.23637__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.03.20 22:01:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3534.23511__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.12.17 17:13:00 | 000,049,664 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
MOD - [2010.12.17 17:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MOD - [2010.11.01 13:03:14 | 000,139,088 | ---- | M] () -- C:\Program Files\ZTE Join Air\UIExec.exe
MOD - [2009.12.12 13:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.07.14 04:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 04:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 04:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 04:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 04:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 04:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 04:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 04:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2007.09.02 08:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 08:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007.01.17 12:58:02 | 000,331,776 | ---- | M] () -- C:\Genius\BTCentre\gBTAutoScroll.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.06 12:47:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.08 21:07:38 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.22 15:25:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010.11.01 12:58:54 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\ZTE Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.06.28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.25 16:04:53 | 000,068,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.03.18 20:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (CrypKey License)
SRV - [2010.03.15 08:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 08:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.02.19 10:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.22 06:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.07.14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.11.11 06:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.31 13:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 13:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\teo\AppData\Local\Temp\TMK72A4.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\teo\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.12.03 13:02:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.05.14 14:44:48 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.03.14 06:36:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010.06.28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.06.28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.06.28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.06.28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.06.28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.02 19:40:35 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010.03.29 07:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.03.18 23:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2010.02.24 10:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.06 07:49:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.06 07:49:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.09.27 07:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.09.27 07:46:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.27 13:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.13 23:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009.07.13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.04 14:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.05.26 02:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009.02.24 16:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.08.26 06:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.03 13:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 13:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 13:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007.04.03 11:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus)
DRV - [2004.11.29 18:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004.11.25 16:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004.10.28 10:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{B344D934-D327-4015-AB9E-782627C2B1F5}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.privit...q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_EU
IE - HKCU\..\SearchScopes\{B344D934-D327-4015-AB9E-782627C2B1F5}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DF1303B7-AC3E-445C-9BCE-0C0F4A2DDE30}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.privit...ize.com/?aff=7"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.privit....com/?aff=7&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\teo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\teo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 12:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 20:07:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 12:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 20:07:12 | 000,000,000 | ---D | M]

[2010.01.08 12:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teo\AppData\Roaming\Mozilla\Extensions
[2012.10.23 01:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\teo\AppData\Roaming\Mozilla\Firefox\Profiles\ybdj3nci.default\extensions
[2011.12.04 19:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.06 12:47:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.03 20:08:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.26 00:25:58 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\teo\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\teo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\teo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\teo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: c\u0103utare Google = C:\Users\teo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\teo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: Gmail = C:\Users\teo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.01.25 23:44:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BTCentre] C:\Genius\BTCentre\gBTMouseTask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UIExec] C:\Program Files\ZTE Join Air\UIExec.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Welcome Center] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\teo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\teo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{679460D6-8304-4CA2-B7C6-1826307D1971}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97EF9BAF-8912-42D7-AC59-C7F0361C7B07}: DhcpNameServer = 109.246.240.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97EF9BAF-8912-42D7-AC59-C7F0361C7B07}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.25 23:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.25 23:56:58 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.24 23:55:56 | 000,000,000 | ---D | C] -- C:\Users\teo\Desktop\Repair Kit
[2013.01.24 23:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.01.24 23:51:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.01.24 23:51:47 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.01.24 23:51:44 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.01.24 23:51:41 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.01.24 23:51:32 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.01.24 23:51:02 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2013.01.24 23:51:01 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.01.24 23:39:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.24 23:32:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.01.24 23:30:27 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\temp
[2013.01.24 22:58:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.24 22:58:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.24 22:58:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.24 22:56:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.24 22:55:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.24 22:12:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.24 22:09:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.23 23:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013.01.23 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.23 21:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.23 20:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.23 20:23:30 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Roaming\Malwarebytes
[2013.01.23 20:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.23 20:22:46 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\Programs
[2013.01.23 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.23 19:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.23 19:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2013.01.23 19:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2013.01.23 19:03:55 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\Avg2013
[2013.01.23 19:03:54 | 000,000,000 | ---D | C] -- C:\Users\teo\AppData\Local\MFAData
[2013.01.23 18:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2 C:\Users\teo\Desktop\*.tmp files -> C:\Users\teo\Desktop\*.tmp -> ]
[1 C:\Users\teo\*.tmp files -> C:\Users\teo\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.26 12:39:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000UA.job
[2013.01.26 12:39:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.26 00:04:04 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.26 00:04:04 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 23:57:25 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.25 23:54:53 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.01.25 23:54:24 | 2360,782,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 23:44:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.01.25 15:22:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000Core.job
[2013.01.25 00:15:40 | 000,671,490 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.25 00:15:40 | 000,125,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.24 23:51:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.01.23 22:08:13 | 000,444,830 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2013.01.23 20:27:28 | 000,000,055 | ---- | M] () -- C:\Users\teo\AppData\Roaming\mbam.context.scan
[2013.01.22 17:57:29 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
[2013.01.17 11:36:27 | 000,080,617 | ---- | M] () -- C:\Users\teo\Desktop\Morningstar® Integrated Web Tools™ - High Low Prices.htm
[2013.01.13 17:16:12 | 003,766,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\teo\Desktop\*.tmp files -> C:\Users\teo\Desktop\*.tmp -> ]
[1 C:\Users\teo\*.tmp files -> C:\Users\teo\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.25 23:57:25 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.24 22:58:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.24 22:58:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.24 22:58:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.24 22:58:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.24 22:58:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.23 20:27:28 | 000,000,055 | ---- | C] () -- C:\Users\teo\AppData\Roaming\mbam.context.scan
[2013.01.23 17:43:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2013.01.17 11:36:16 | 000,080,617 | ---- | C] () -- C:\Users\teo\Desktop\Morningstar® Integrated Web Tools™ - High Low Prices.htm
[2012.12.03 18:22:54 | 000,727,952 | ---- | C] () -- C:\Windows\System32\WSCM64.dll
[2012.12.03 18:22:54 | 000,159,120 | ---- | C] () -- C:\Windows\System32\WSCM32.dll
[2012.10.08 18:39:31 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssj1mlm.dll
[2012.06.19 12:48:47 | 000,000,093 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.07 04:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2012.02.24 13:38:53 | 000,003,584 | ---- | C] () -- C:\Users\teo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.14 19:07:24 | 000,000,132 | ---- | C] () -- C:\Users\teo\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.29 23:21:44 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011.11.17 19:04:58 | 000,000,059 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011.11.17 19:04:45 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011.11.17 19:04:45 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011.08.04 22:31:46 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011.04.23 17:26:08 | 000,001,456 | ---- | C] () -- C:\Users\teo\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.04.22 21:23:35 | 000,000,027 | ---- | C] () -- C:\Users\teo\xStream_Render_Node.cfg
[2011.03.16 21:46:37 | 000,000,632 | RHS- | C] () -- C:\Users\teo\ntuser.pol
[2010.11.07 22:04:59 | 000,000,274 | ---- | C] () -- C:\Users\teo\FOX-Free Objects for Crystallography.ini
[2010.05.29 18:13:11 | 000,007,634 | ---- | C] () -- C:\Users\teo\AppData\Local\resmon.resmoncfg
[2010.04.02 19:43:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

========== ZeroAccess Check ==========

[2009.07.14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.09.14 09:45:00 | 012,969,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.03 13:03:57 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\AnvSoft
[2013.01.23 19:34:01 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\BitTorrent
[2011.11.25 23:46:39 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\BSplayer
[2011.11.25 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\BSplayer Pro
[2012.01.02 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\DAEMON Tools Pro
[2011.05.01 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.15 09:19:02 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Firefly Studios
[2010.10.23 09:01:08 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\fizzy
[2011.05.14 14:45:35 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\GetRightToGo
[2010.01.07 20:55:44 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\GrabPro
[2011.02.07 15:54:31 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\ImgBurn
[2011.08.31 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Lionhead Studios
[2012.09.04 19:49:39 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\LolClient
[2011.11.20 20:03:28 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\mojosoft
[2010.02.02 17:07:19 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Mount&Blade
[2012.10.30 22:56:25 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Mount&Blade Warband
[2012.10.30 22:56:25 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.09.06 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\My Games
[2010.01.08 05:20:18 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Notepad++
[2011.05.01 09:52:51 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Orbit
[2010.04.02 17:24:45 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\PC Suite
[2012.10.08 18:42:39 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Samsung
[2010.03.26 14:44:54 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Sierra Entertainment
[2011.10.24 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\The Creative Assembly
[2012.03.09 16:58:59 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Ubisoft
[2012.12.03 18:27:46 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Wondershare Video Converter Ultimate
[2010.08.21 18:41:45 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\Xilisoft Corporation
[2011.03.02 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\teo\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2D4B33E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >



Report from Malwarebytes


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.25.08

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
teo :: TEO-PC [administrator]

Protection: Disabled

26.01.2013 00:01:32
mbam-log-2013-01-26 (00-01-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214376
Time elapsed: 12 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Report from OTL - after reboot

All processes killed
========== FILES ==========
Folder move failed. c:\users\teo\AppData\Local\jmbtgiqm scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: teo
->Temp folder emptied: 720140 bytes
->Temporary Internet Files folder emptied: 50228130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49665067 bytes
->Google Chrome cache emptied: 40659193 bytes
->Flash cache emptied: 1101 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01252013_234401

Files\Folders moved on Reboot...
c:\users\teo\AppData\Local\jmbtgiqm folder moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now, any problems?
  • 0

#14
castravete


    Member

  • Topic Starter
  • Member
  • 10 posts
I feel that everything is working all right. There are no more symptoms associated with the infection.
  • 0

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

If you use on-line banking then, as an added layer of protection, install Trusteer Rapport.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected

Keep safe :wave:
  • 0





