Please help me remove a virus [Closed] [Solved]


  • This topic is locked

#1
docfxit

  • Member
  • 102 posts
With Spy-the-Spy I see Bitdefender is quarantining a number of files many times every day. One is agent_setup.exe. The file doesn't show up in a search of the hard drive.
I have been trying to find what is creating this file and haven't had any luck. My Anti-Virus Bitdefender is up-to-date. I have updated Malwarebytes, rebooted into safe mode and run Malwarebytes. I have run a full Anti-Virus scan. I have updated and run Spybot.

OTL logfile created on: 1/24/2013 10:52:44 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dnload\SpywareRemovers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 28.59% Memory free
3.77 Gb Paging File | 2.29 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.66 Gb Free Space | 61.25% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 7.75 Gb Free Space | 11.05% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/24 22:52:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dnload\SpywareRemovers\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/24 16:32:54 | 000,225,552 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2012/12/17 08:47:02 | 000,019,968 | ---- | M] (Apache Software Foundation) -- C:\csvn\bin\httpd.exe
PRC - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/12/12 08:42:50 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/11/29 00:27:38 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\plugin-container.exe
PRC - [2012/11/29 00:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2012/09/20 18:01:42 | 000,603,704 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2012/09/20 18:01:40 | 001,265,208 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/07/26 16:57:52 | 000,489,248 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe
PRC - [2012/06/10 23:25:32 | 003,061,376 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2012/04/29 10:40:50 | 000,713,584 | ---- | M] (Beiley Software Inc.) -- C:\Program Files\RemindMe\RemindMe.exE
PRC - [2012/04/10 02:17:00 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/04/10 02:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/03/28 11:54:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/28 10:36:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/10/27 02:35:24 | 002,920,517 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/04/04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/21 12:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/01/14 09:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) -- C:\Program Files\RPM\RpmSrv.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/03 11:23:29 | 001,037,216 | ---- | M] (Rainmaker Research, Inc.) -- C:\Program Files\Spell Catcher Plus\Spell Catcher.exe
PRC - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
PRC - [2004/10/12 12:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
PRC - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/28 21:33:14 | 000,214,016 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINDOWS\system32\AEIWLSTA.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/12 10:48:05 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/24 16:32:54 | 000,225,552 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2012/12/17 08:47:08 | 000,145,408 | ---- | M] () -- C:\csvn\lib\modules\mod_python.so
MOD - [2012/12/12 08:42:56 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/12/12 08:42:36 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/11/29 00:27:37 | 002,397,152 | ---- | M] () -- C:\Program Files\Firefox\mozjs.dll
MOD - [2012/11/27 09:09:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:09:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1fa3f0a76f2fa2d3a6cfaf9031bc1dfb\System.Runtime.Remoting.ni.dll
MOD - [2012/11/27 09:09:41 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:09:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/27 09:09:04 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:08:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/27 09:08:42 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/27 09:08:34 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:08:34 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:08:29 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9bc09040ded0b8de5514235bf9b24888\System.Data.Services.Client.ni.dll
MOD - [2012/11/27 09:07:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/11/27 09:07:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/27 09:07:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:05:34 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fc7ad881f823df3fc1ee95e7f19d7ae\System.Data.Linq.ni.dll
MOD - [2012/11/27 09:05:31 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/27 09:05:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/27 09:05:09 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:05:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 09:05:01 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll
MOD - [2012/11/27 09:04:38 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/27 09:04:36 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:04:29 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/27 09:04:25 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/27 09:04:24 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/27 09:04:10 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/27 09:04:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/27 09:02:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 09:02:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 09:02:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:02:05 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 09:01:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/27 09:01:01 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/27 09:01:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/11/27 09:00:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/11/27 09:00:51 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:00:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/27 09:00:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/11/27 07:20:13 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2012/09/20 17:58:56 | 000,093,184 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2012/09/20 17:58:56 | 000,050,736 | R--- | M] () -- C:\Program Files\Soluto\PCGDeviceScanLib.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/18 17:47:09 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
MOD - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
MOD - [2010/06/07 06:26:46 | 000,101,376 | ---- | M] () -- C:\Program Files\Stunnel\zlib1.dll
MOD - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
MOD - [2009/01/14 09:29:18 | 000,010,752 | ---- | M] () -- C:\Program Files\RPM\udf\fbudf.dll
MOD - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2005/10/28 19:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
MOD - [2004/02/27 11:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
MOD - [2004/01/12 04:58:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\IconSaver.cpl
MOD - [2003/10/19 06:12:58 | 000,061,440 | ---- | M] () -- C:\Program Files\IconSaver\IconSaverLib.dll
MOD - [2003/10/19 04:11:40 | 000,094,208 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver Editor.dll
MOD - [2003/07/03 22:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/12 03:24:49 | 000,174,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Java\jre7/bin/java.exe -- (CSVNConsole)
SRV - [2012/12/24 16:32:54 | 000,225,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012/12/17 08:47:02 | 000,019,968 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\csvn\bin\httpd.exe -- (CollabNetSubversionServer)
SRV - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/11/23 21:54:04 | 002,033,400 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Program Files\ultravnc\winvnc.exe -- (uvnc_service)
SRV - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2012/09/20 18:01:42 | 000,603,704 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/07/13 12:29:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/10 02:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/09/27 11:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/05/02 13:17:28 | 000,059,488 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe -- (Remark FTP Utility)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/23 07:20:24 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SMServer)
SRV - [2010/12/23 05:03:32 | 000,385,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/04 12:33:40 | 002,735,992 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV9)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Stunnel\stunnel.exe -- (stunnel)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/24 03:13:24 | 001,313,368 | ---- | M] (South River Technologies, LLC) [Disabled | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/09/04 15:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/04/20 13:17:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 09:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) [Auto | Running] -- C:\Program Files\RPM\RpmSrv.exe -- (rpm)
SRV - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\MNSFramework.exe -- (MNSFramework)
SRV - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2007/11/06 12:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007/03/21 10:57:56 | 000,516,096 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2001/05/08 04:10:00 | 000,053,248 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\timntr.sys -- (timounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swvnic.sys -- (SWVNIC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Gary\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2012/12/24 16:34:12 | 000,016,656 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2012/12/12 08:42:55 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/12/12 08:42:46 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 08:41:35 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/11/05 08:06:55 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/24 07:57:16 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/24 07:57:12 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/09/20 17:58:44 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/08/23 23:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/26 01:26:40 | 000,051,712 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\womic.sys -- (wovad_micarray)
DRV - [2012/06/01 09:09:28 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/05/17 08:14:29 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2012/05/03 13:40:40 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/04/10 02:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/03/12 12:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2012/01/18 14:56:16 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 14:56:14 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/26 09:45:27 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/10/03 08:15:22 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/09/01 22:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 22:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 22:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/01 22:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/01 22:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/13 06:16:56 | 000,141,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CprDrvr.sys -- (CprDrvr)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/13 10:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/23 12:43:12 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/25 13:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/10/20 01:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 08:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/04/21 12:16:46 | 000,025,704 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ts_lb.sys -- (ts_lb)
DRV - [2010/04/01 11:33:08 | 000,019,560 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2010/02/24 13:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/24 03:13:20 | 000,201,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 09:48:00 | 000,027,519 | ---- | M] (Billionton Corporation Reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBKR100.SYS -- (USB-100)
DRV - [2009/10/26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 18:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 00:40:26 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdm.sys -- (ssecmdm)
DRV - [2009/09/08 00:40:26 | 000,086,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecbus.sys -- (ssecbus)
DRV - [2009/09/08 00:40:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV - [2009/07/06 10:09:06 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/30 10:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 10:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 10:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/22 10:46:42 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009/05/11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/02/12 13:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/17 15:57:14 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp)
DRV - [2007/11/06 12:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/23 03:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 13:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006/12/25 14:32:52 | 000,049,489 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/02 00:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 00:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/08 11:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/06/09 04:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/05/18 08:49:00 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/03 00:14:18 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2005/03/03 00:14:04 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/08/24 14:16:54 | 000,003,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMDRV.SYS -- (SMDRV)
DRV - [2002/05/02 11:52:22 | 000,018,189 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - [2002/05/02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/01/23 07:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn)
DRV - [2002/01/15 12:04:06 | 001,088,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/12/28 21:10:16 | 000,050,688 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [1999/12/31 16:00:00 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {959E4F84-B960-417C-8415-C7A0737817BC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C3-50E2DD51DD08
IE - HKCU\..\SearchScopes\{959E4F84-B960-417C-8415-C7A0737817BC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: fireform%40mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: isitcompatible%40eternicode.com:0.5.3
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.0
FF - prefs.js..extensions.enabledAddons: flatbm%40xuldev.org:1.8.1
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012/12/17 10:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012/06/17 10:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/10/29 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2013/01/18 17:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions
[2013/01/18 17:03:52 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,085,264 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,040,533 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,015,789 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,006,744 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,163,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\searchplugins\askcom.xml

O1 HOSTS File: ([2012/12/31 16:00:02 | 000,000,162 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 75.79.156.56 atu1277.com
O1 - Hosts: 75.79.6.149 theoffice.la
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [atr.exe] File not found
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [IconSaver] C:\Program Files\IconSaver\IconSaver.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe (Individual Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Programs Now (Hidden).lnk = C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk = C:\Program Files\SpyTheSpy\SpyTheSpy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: endicia.com ([www.postage] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ibm.com ([icm1.teleweb.ca] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([chat.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([expertslive] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto1.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto2.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.micr...dd/clearadj.CAB (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340638911625 (WUWebControl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.mi...b?1340638867765 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2002/07/24 08:55:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 16:37:41 | 000,001,094 | ---- | M] () - C:\AUTOEXEC2.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 08:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2013/01/22 08:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 08:36:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/21 10:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition
[2013/01/20 20:58:25 | 000,000,000 | ---D | C] -- C:\CompChecker
[2013/01/18 06:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/01/17 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2013/01/17 14:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CollabNet Subversion Edge
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpyTheSpy
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyTheSpy
[2013/01/17 12:15:56 | 000,000,000 | ---D | C] -- C:\csvn
[2013/01/10 16:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Macrium
[2013/01/10 16:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/01/08 10:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/02 15:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2013/01/02 15:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\NCH Software Suite
[2013/01/02 15:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\NCH Software
[2012/12/31 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\WO Mic Client
[2012/12/31 20:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\WOMic
[2012/12/27 22:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\vanBasco's Karaoke Player
[2012/12/27 22:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Karaoke Player vanBasco's
[2012/12/26 21:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2006/09/15 11:08:34 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Gary\chatlnk.exe

========== Files - Modified Within 30 Days ==========

[2013/01/24 20:09:13 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Gary\SciTE.session
[2013/01/24 08:57:54 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/24 07:24:16 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/22 20:25:04 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/01/22 20:23:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/22 20:23:19 | 2067,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/22 14:46:22 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Re-Start.lnk
[2013/01/22 13:59:40 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 6.lnk
[2013/01/22 08:36:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 12:14:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/21 10:50:40 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iDo Wedding Couple Edition.lnk
[2013/01/19 09:51:38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/18 09:33:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/01/18 06:52:01 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 17:55:43 | 000,003,216 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/01/17 17:46:22 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/01/17 12:50:57 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/17 10:41:39 | 000,000,089 | ---- | M] () -- C:\WINDOWS\Spell Catcher.INI
[2013/01/10 16:16:37 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/03 17:55:18 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2013/01/02 15:47:54 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/31 16:00:02 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/28 11:58:24 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/12/27 22:26:37 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\vanBasco's Karaoke Player.lnk
[2012/12/27 22:26:36 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\vanBasco's Karaoke Player.lnk

========== Files Created - No Company Name ==========

[2013/01/22 20:23:19 | 2067,443,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/22 08:36:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 10:53:57 | 000,746,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/21 10:50:40 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition.lnk
[2013/01/21 10:50:40 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iDo Wedding Couple Edition.lnk
[2013/01/18 06:52:01 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 12:50:57 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 16:16:37 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/09 12:46:38 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/08 10:10:42 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #2.lnk
[2013/01/08 10:10:33 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #3.lnk
[2013/01/08 10:10:30 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #4.lnk
[2013/01/08 10:10:27 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #5.lnk
[2013/01/02 15:44:34 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2013/01/02 15:44:34 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/27 22:26:37 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\vanBasco's Karaoke Player.lnk
[2012/12/27 22:26:36 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\vanBasco's Karaoke Player.lnk
[2012/12/24 16:33:14 | 000,055,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2012/12/23 18:40:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\PUTTY.RND
[2012/12/23 14:36:31 | 000,002,159 | ---- | C] () -- C:\WINDOWS\sshtunnel.ini
[2012/12/23 12:59:20 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\dkfzip32.DAT
[2012/12/17 09:35:33 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-133707808-2752991226-3942243025-1004-0.dat
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0404.dll
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0404.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0C0A.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0410.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0409.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0407.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0C0A.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0419.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0410.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0407.dll
[2012/12/05 08:28:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0411.dll
[2012/12/05 08:28:44 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0419.dll
[2012/12/05 08:28:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0804.dll
[2012/12/05 08:28:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0409.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0412.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0411.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0804.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0412.dll
[2012/12/03 22:15:35 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/11 10:56:44 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\recently-used.xbel
[2012/10/26 11:59:08 | 096,817,882 | ---- | C] () -- C:\Program Files\Photo Album 6.7z
[2012/10/11 19:54:03 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Gary\SciTEUser.properties
[2012/10/11 19:53:54 | 000,031,076 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.save.properties
[2012/10/10 13:56:38 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2012/09/24 13:54:58 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/09/24 07:21:03 | 000,197,659 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498655.bdinstall.bin
[2012/09/24 06:52:44 | 000,060,826 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498180.bdinstall.bin
[2012/08/18 11:53:19 | 001,292,288 | ---- | C] () -- C:\WINDOWS\is-PPJSS.exe
[2012/08/18 11:41:13 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PC Viewer 4CH ENG.INI
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Windows1569_SettingsRepository.bin
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012/08/01 13:58:19 | 002,784,754 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/07/31 09:58:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Gary\.deskmetrics
[2012/06/13 10:13:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DDF800369E.sys
[2012/06/12 16:36:03 | 000,313,900 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1339543597.bdinstall.bin
[2012/06/12 15:49:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Gary\Application Datauser_gensett.xml
[2012/06/01 10:12:21 | 000,369,332 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338566755.bdinstall.bin
[2012/06/01 07:04:50 | 000,098,465 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338562424.bdinstall.bin
[2012/06/01 06:31:24 | 000,366,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338559386.bdinstall.bin
[2012/05/04 19:23:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\$_hpcst$.hpc
[2012/05/03 11:23:28 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/04/27 16:46:01 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F96E50C605.sys
[2012/04/27 08:47:54 | 000,000,377 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/04/24 16:51:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0DF62F3DE1.sys
[2012/04/20 21:05:05 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9D3D1C15A6.sys
[2012/04/20 07:51:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 17:17:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2012/03/23 16:42:12 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/12 10:49:48 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/29 19:53:44 | 000,444,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330569044.bdinstall.bin
[2012/02/29 17:35:50 | 000,139,870 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330559400.bdinstall.bin
[2012/02/22 08:15:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/17 07:14:06 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.properties
[2012/02/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.keywords.user.abbreviations.properties
[2012/02/14 12:52:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\Gary\au3UserAbbrev.properties
[2012/02/14 10:28:51 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 18:33:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/27 19:02:35 | 000,171,164 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327718518.bdinstall.bin
[2012/01/27 16:23:43 | 000,302,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327708936.bdinstall.bin
[2012/01/27 09:20:01 | 000,617,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327682970.bdinstall.bin
[2012/01/26 20:19:03 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Sys2662.Config.Repository.bin
[2011/12/17 09:15:18 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0782A18B0A.sys
[2011/10/26 09:45:27 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/03 08:15:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2011/09/25 13:17:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A4DABE9A09.sys
[2011/09/22 20:01:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/22 20:01:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/22 20:01:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/22 20:01:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/22 20:01:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/21 10:04:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2011/09/18 22:09:23 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\profile.wkp
[2011/09/06 21:04:43 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\archCalc.Prefs
[2011/08/31 08:31:08 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\587E447A25.sys
[2011/08/26 08:54:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\51B05C58E0.sys
[2011/08/23 21:38:41 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1617EC5C27.sys
[2011/08/22 08:46:49 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\215AFABA7D.sys
[2011/08/15 11:31:05 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B21765FADC.sys
[2011/08/12 11:55:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/08/12 11:55:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/08/12 11:55:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/07/13 06:16:56 | 000,141,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\CprDrvr.sys
[2011/07/13 06:15:14 | 000,106,208 | ---- | C] () -- C:\WINDOWS\System32\CprIf.dll
[2011/06/16 06:14:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D09F512B2C.sys
[2011/05/31 08:14:36 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/31 08:14:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/31 06:21:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011/05/30 07:41:21 | 000,139,097 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/30 07:09:15 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/30 07:09:12 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/30 07:09:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/30 07:08:11 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/12 21:24:48 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/12 21:24:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ECB69BB7BF.sys
[2010/06/27 09:11:30 | 000,065,536 | ---- | C] () -- C:\Program Files\Logger Pro 3
[2010/03/27 07:22:54 | 000,014,905 | ---- | C] () -- C:\Documents and Settings\Gary\au3abbrev.properties
[2010/03/16 18:02:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\Ÿ9Ÿ9
[2010/01/02 13:16:12 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Gary\au3.UserUdfs.properties
[2010/01/02 13:15:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.user.calltips.api
[2009/12/30 21:31:24 | 000,000,174 | -H-- | C] () -- C:\Documents and Settings\Gary\Application Data\lakerda1967.sys
[2009/12/30 21:30:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\docXConverter (3).ini
[2009/11/02 16:10:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Principia Products.zip
[2009/02/13 11:36:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2008/12/14 18:10:13 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Gary\ntuser.pol
[2008/09/17 11:19:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:36:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gary\.rnd
[2008/01/30 14:34:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\PUTTY.RND
[2007/09/26 10:44:42 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.session
[2006/12/03 22:50:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.recent
[2006/12/03 22:50:40 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.ses
[2006/11/11 10:26:30 | 000,345,935 | ---- | C] () -- C:\Documents and Settings\Gary\jap.conf
[2006/11/01 19:18:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\winscp.RND
[2006/09/05 21:43:35 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Gary\.jm_prefs
[2005/11/06 20:54:40 | 000,125,226 | ---- | C] () -- C:\Documents and Settings\Gary\IPSendOptions.exe
[2005/06/23 17:15:00 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Gary\ipsend.sec

========== ZeroAccess Check ==========

[2008/07/04 15:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/02/03 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/01 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/10/29 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/08 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brooks Internet Software
[2011/12/27 15:23:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/25 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/07/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/08 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conexant
[2010/05/06 07:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/02/01 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gravic
[2008/12/14 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/07/11 00:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/02/07 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JudysApps
[2012/04/19 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/22 16:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/05/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/19 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2013/01/24 07:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/31 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/21 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/05/03 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/10/29 07:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/07/08 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2012/10/29 07:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microangelo On Display
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/27 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/01 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Principia Products
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2008/07/08 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2012/03/04 10:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/10/29 08:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/02/18 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/06 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2011/05/12 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/11/28 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/30 07:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/10/29 07:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/29 17:09:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2012/11/20 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X6
[2008/07/09 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.BitTornado
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.tswebeditor
[2012/04/19 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Adam Berent
[2009/02/26 11:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AI Internet Solutions
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Basta Computing
[2012/09/24 07:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Bitdefender
[2009/04/02 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BozTeck
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BPFTP
[2009/01/26 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Brooks Internet Software
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Colasoft Capsa
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Convivea
[2012/04/19 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2010/02/09 09:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Endicia
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FileMaker
[2009/08/29 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit
[2012/07/31 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit Software
[2012/12/05 09:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Fujitsu
[2010/05/05 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\G7PS
[2012/10/29 07:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GARMIN
[2012/09/30 08:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Geek Uninstaller
[2011/01/11 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/10/11 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gsmartcontrol
[2010/12/10 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gtk-2.0
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hyperionics
[2012/11/05 14:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ImgBurn
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Individual Software
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Interactive Studios
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2010/09/22 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2012/08/18 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\KC Softwares
[2012/04/20 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ldw_data
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/07/09 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\LEAPS
[2012/08/18 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leawo
[2008/07/19 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Locktime
[2012/04/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Millennia
[2012/12/13 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\mjusbsp
[2009/07/19 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/04/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NetView
[2012/10/29 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Newsbin
[2012/04/24 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ntr
[2012/11/01 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Nuance
[2013/01/05 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeRecovery
[2012/01/02 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OpenOffice.org
[2011/06/01 08:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PCDr
[2012/05/03 12:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasus Mail
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasys Inc
[2012/10/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PKWARE
[2011/12/02 09:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Qualys
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\r2 Studios
[2012/10/29 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Remind-Me
[2012/04/27 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2011/01/16 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Smart PDF Converter
[2012/10/26 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SmartDraw
[2013/01/24 17:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Software Informer
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spearit
[2008/07/09 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spell Catcher Plus
[2010/10/29 07:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SyncSquare
[2012/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SystemRequirementsLab
[2011/03/30 13:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TeamViewer
[2011/10/26 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Thinstall
[2012/08/18 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tiger-k
[2008/07/09 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Topaz Moment
[2012/10/29 07:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Trillian
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\URSoft
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VERITAS
[2010/06/08 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VSO
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\WildPackets
[2012/11/11 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Wireshark
[2012/11/12 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >


Thank you for looking at this for me.

Docfxit
  • 0



#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello docfxit, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox, check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

After you post the Extras.txt file, open OTL in the C:\Dnload\SpywareRemovers folder and click the CleanUp button. This will delete the OTL.exe file and all log files and folders created. OTL should be run from the Desktop of the drive with Windows on it. Then download a fresh copy of OTL from here and save it to the desktop.

I am in the process of analyzing your logs. In the meantime I want you to run some additional scans.

Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click "No"
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-2.

TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (See the image below)

    Posted Image
  • Make sure the boxes under Objects to scan are checked like the image below.
  • In the Additional options section, check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system. (See the image below)

    Posted Image
  • Click OK
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by clicking Report

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-3.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32 bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller.exe file and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Extras.txt log
2. The aswMBR log
3. The TDSSKiller log
4. The RKreport.txt log
  • 0

#3
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
Thank you godawgs for taking my case. I'm happy to hear from you.

I have been reading your post. It starts out by asking me to post the Extras.txt file that OTL created. On my first run of OTL.exe it didn't create a file called Extras.txt. It did create a file called OTL.txt. I did post that on my first post. I don't think you need it again but I will post it again in the interest of following instructions.

OTL logfile created on: 1/24/2013 10:52:44 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dnload\SpywareRemovers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 28.59% Memory free
3.77 Gb Paging File | 2.29 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.66 Gb Free Space | 61.25% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 7.75 Gb Free Space | 11.05% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/24 22:52:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dnload\SpywareRemovers\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/24 16:32:54 | 000,225,552 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2012/12/17 08:47:02 | 000,019,968 | ---- | M] (Apache Software Foundation) -- C:\csvn\bin\httpd.exe
PRC - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/12/12 08:42:50 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/11/29 00:27:38 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\plugin-container.exe
PRC - [2012/11/29 00:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2012/09/20 18:01:42 | 000,603,704 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2012/09/20 18:01:40 | 001,265,208 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/07/26 16:57:52 | 000,489,248 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe
PRC - [2012/06/10 23:25:32 | 003,061,376 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2012/04/29 10:40:50 | 000,713,584 | ---- | M] (Beiley Software Inc.) -- C:\Program Files\RemindMe\RemindMe.exE
PRC - [2012/04/10 02:17:00 | 000,452,880 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/04/10 02:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/03/28 11:54:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/28 10:36:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/10/27 02:35:24 | 002,920,517 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/04/04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/21 12:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/01/14 09:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) -- C:\Program Files\RPM\RpmSrv.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/03 11:23:29 | 001,037,216 | ---- | M] (Rainmaker Research, Inc.) -- C:\Program Files\Spell Catcher Plus\Spell Catcher.exe
PRC - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
PRC - [2004/10/12 12:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
PRC - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/28 21:33:14 | 000,214,016 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINDOWS\system32\AEIWLSTA.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/12 10:48:05 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/24 16:32:54 | 000,225,552 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2012/12/17 08:47:08 | 000,145,408 | ---- | M] () -- C:\csvn\lib\modules\mod_python.so
MOD - [2012/12/12 08:42:56 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/12/12 08:42:36 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/11/29 00:27:37 | 002,397,152 | ---- | M] () -- C:\Program Files\Firefox\mozjs.dll
MOD - [2012/11/27 09:09:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:09:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1fa3f0a76f2fa2d3a6cfaf9031bc1dfb\System.Runtime.Remoting.ni.dll
MOD - [2012/11/27 09:09:41 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:09:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/27 09:09:04 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:08:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/27 09:08:42 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/27 09:08:34 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:08:34 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:08:29 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9bc09040ded0b8de5514235bf9b24888\System.Data.Services.Client.ni.dll
MOD - [2012/11/27 09:07:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/11/27 09:07:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/27 09:07:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:05:34 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fc7ad881f823df3fc1ee95e7f19d7ae\System.Data.Linq.ni.dll
MOD - [2012/11/27 09:05:31 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/27 09:05:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/27 09:05:09 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:05:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 09:05:01 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll
MOD - [2012/11/27 09:04:38 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/27 09:04:36 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:04:29 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/27 09:04:25 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/27 09:04:24 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/27 09:04:10 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/27 09:04:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/27 09:02:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 09:02:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 09:02:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:02:05 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 09:01:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/27 09:01:01 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/27 09:01:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/11/27 09:00:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/11/27 09:00:51 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:00:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/27 09:00:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/11/27 07:20:13 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2012/09/20 17:58:56 | 000,093,184 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2012/09/20 17:58:56 | 000,050,736 | R--- | M] () -- C:\Program Files\Soluto\PCGDeviceScanLib.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/18 17:47:09 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
MOD - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
MOD - [2010/06/07 06:26:46 | 000,101,376 | ---- | M] () -- C:\Program Files\Stunnel\zlib1.dll
MOD - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
MOD - [2009/01/14 09:29:18 | 000,010,752 | ---- | M] () -- C:\Program Files\RPM\udf\fbudf.dll
MOD - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2005/10/28 19:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
MOD - [2004/02/27 11:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
MOD - [2004/01/12 04:58:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\IconSaver.cpl
MOD - [2003/10/19 06:12:58 | 000,061,440 | ---- | M] () -- C:\Program Files\IconSaver\IconSaverLib.dll
MOD - [2003/10/19 04:11:40 | 000,094,208 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver Editor.dll
MOD - [2003/07/03 22:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/12 03:24:49 | 000,174,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Java\jre7/bin/java.exe -- (CSVNConsole)
SRV - [2012/12/24 16:32:54 | 000,225,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012/12/17 08:47:02 | 000,019,968 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\csvn\bin\httpd.exe -- (CollabNetSubversionServer)
SRV - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/11/23 21:54:04 | 002,033,400 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Program Files\ultravnc\winvnc.exe -- (uvnc_service)
SRV - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2012/09/20 18:01:42 | 000,603,704 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/07/13 12:29:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/10 02:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/09/27 11:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/05/02 13:17:28 | 000,059,488 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe -- (Remark FTP Utility)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/23 07:20:24 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SMServer)
SRV - [2010/12/23 05:03:32 | 000,385,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/04 12:33:40 | 002,735,992 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV9)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Stunnel\stunnel.exe -- (stunnel)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/24 03:13:24 | 001,313,368 | ---- | M] (South River Technologies, LLC) [Disabled | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/09/04 15:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/04/20 13:17:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 09:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) [Auto | Running] -- C:\Program Files\RPM\RpmSrv.exe -- (rpm)
SRV - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\MNSFramework.exe -- (MNSFramework)
SRV - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2007/11/06 12:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007/03/21 10:57:56 | 000,516,096 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2001/05/08 04:10:00 | 000,053,248 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\timntr.sys -- (timounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swvnic.sys -- (SWVNIC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Gary\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2012/12/24 16:34:12 | 000,016,656 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2012/12/12 08:42:55 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/12/12 08:42:46 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 08:41:35 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/11/05 08:06:55 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/24 07:57:16 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/24 07:57:12 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/09/20 17:58:44 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/08/23 23:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/26 01:26:40 | 000,051,712 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\womic.sys -- (wovad_micarray)
DRV - [2012/06/01 09:09:28 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/05/17 08:14:29 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2012/05/03 13:40:40 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/04/10 02:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/03/12 12:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2012/01/18 14:56:16 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 14:56:14 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/26 09:45:27 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/10/03 08:15:22 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/09/01 22:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 22:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 22:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/01 22:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/01 22:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/13 06:16:56 | 000,141,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CprDrvr.sys -- (CprDrvr)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/13 10:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/23 12:43:12 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/25 13:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/10/20 01:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 08:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/04/21 12:16:46 | 000,025,704 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ts_lb.sys -- (ts_lb)
DRV - [2010/04/01 11:33:08 | 000,019,560 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2010/02/24 13:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/24 03:13:20 | 000,201,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 09:48:00 | 000,027,519 | ---- | M] (Billionton Corporation Reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBKR100.SYS -- (USB-100)
DRV - [2009/10/26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 18:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 00:40:26 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdm.sys -- (ssecmdm)
DRV - [2009/09/08 00:40:26 | 000,086,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecbus.sys -- (ssecbus)
DRV - [2009/09/08 00:40:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV - [2009/07/06 10:09:06 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/30 10:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 10:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 10:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/22 10:46:42 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009/05/11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/02/12 13:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/17 15:57:14 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp)
DRV - [2007/11/06 12:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/23 03:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 13:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006/12/25 14:32:52 | 000,049,489 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/02 00:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 00:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/08 11:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/06/09 04:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/05/18 08:49:00 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/03 00:14:18 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2005/03/03 00:14:04 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/08/24 14:16:54 | 000,003,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMDRV.SYS -- (SMDRV)
DRV - [2002/05/02 11:52:22 | 000,018,189 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - [2002/05/02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/01/23 07:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn)
DRV - [2002/01/15 12:04:06 | 001,088,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/12/28 21:10:16 | 000,050,688 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [1999/12/31 16:00:00 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {959E4F84-B960-417C-8415-C7A0737817BC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C3-50E2DD51DD08
IE - HKCU\..\SearchScopes\{959E4F84-B960-417C-8415-C7A0737817BC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: fireform%40mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: isitcompatible%40eternicode.com:0.5.3
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.0
FF - prefs.js..extensions.enabledAddons: flatbm%40xuldev.org:1.8.1
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012/12/17 10:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012/06/17 10:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/10/29 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2013/01/18 17:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions
[2013/01/18 17:03:52 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,085,264 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,040,533 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,015,789 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,006,744 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,163,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\searchplugins\askcom.xml

O1 HOSTS File: ([2012/12/31 16:00:02 | 000,000,162 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 75.79.156.56 atu1277.com
O1 - Hosts: 75.79.6.149 theoffice.la
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [atr.exe] File not found
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [IconSaver] C:\Program Files\IconSaver\IconSaver.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe (Individual Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Programs Now (Hidden).lnk = C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk = C:\Program Files\SpyTheSpy\SpyTheSpy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: endicia.com ([www.postage] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ibm.com ([icm1.teleweb.ca] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([chat.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([expertslive] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto1.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto2.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.micr...dd/clearadj.CAB (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340638911625 (WUWebControl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.mi...b?1340638867765 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2002/07/24 08:55:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 16:37:41 | 000,001,094 | ---- | M] () - C:\AUTOEXEC2.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 08:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2013/01/22 08:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 08:36:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/21 10:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition
[2013/01/20 20:58:25 | 000,000,000 | ---D | C] -- C:\CompChecker
[2013/01/18 06:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/01/17 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2013/01/17 14:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CollabNet Subversion Edge
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpyTheSpy
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyTheSpy
[2013/01/17 12:15:56 | 000,000,000 | ---D | C] -- C:\csvn
[2013/01/10 16:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Macrium
[2013/01/10 16:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/01/08 10:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/02 15:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2013/01/02 15:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\NCH Software Suite
[2013/01/02 15:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\NCH Software
[2012/12/31 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\WO Mic Client
[2012/12/31 20:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\WOMic
[2012/12/27 22:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\vanBasco's Karaoke Player
[2012/12/27 22:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Karaoke Player vanBasco's
[2012/12/26 21:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2006/09/15 11:08:34 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Gary\chatlnk.exe

========== Files - Modified Within 30 Days ==========

[2013/01/24 20:09:13 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Gary\SciTE.session
[2013/01/24 08:57:54 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/24 07:24:16 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/22 20:25:04 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/01/22 20:23:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/22 20:23:19 | 2067,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/22 14:46:22 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Re-Start.lnk
[2013/01/22 13:59:40 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 6.lnk
[2013/01/22 08:36:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 12:14:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/21 10:50:40 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iDo Wedding Couple Edition.lnk
[2013/01/19 09:51:38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/18 09:33:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/01/18 06:52:01 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 17:55:43 | 000,003,216 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/01/17 17:46:22 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/01/17 12:50:57 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/17 10:41:39 | 000,000,089 | ---- | M] () -- C:\WINDOWS\Spell Catcher.INI
[2013/01/10 16:16:37 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/03 17:55:18 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2013/01/02 15:47:54 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/31 16:00:02 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/28 11:58:24 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2012/12/27 22:26:37 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\vanBasco's Karaoke Player.lnk
[2012/12/27 22:26:36 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\vanBasco's Karaoke Player.lnk

========== Files Created - No Company Name ==========

[2013/01/22 20:23:19 | 2067,443,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/22 08:36:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 10:53:57 | 000,746,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/21 10:50:40 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition.lnk
[2013/01/21 10:50:40 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iDo Wedding Couple Edition.lnk
[2013/01/18 06:52:01 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 12:50:57 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 16:16:37 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/09 12:46:38 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/08 10:10:42 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #2.lnk
[2013/01/08 10:10:33 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #3.lnk
[2013/01/08 10:10:30 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #4.lnk
[2013/01/08 10:10:27 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #5.lnk
[2013/01/02 15:44:34 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2013/01/02 15:44:34 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/27 22:26:37 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\vanBasco's Karaoke Player.lnk
[2012/12/27 22:26:36 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\vanBasco's Karaoke Player.lnk
[2012/12/24 16:33:14 | 000,055,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2012/12/23 18:40:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\PUTTY.RND
[2012/12/23 14:36:31 | 000,002,159 | ---- | C] () -- C:\WINDOWS\sshtunnel.ini
[2012/12/23 12:59:20 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\dkfzip32.DAT
[2012/12/17 09:35:33 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-133707808-2752991226-3942243025-1004-0.dat
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0404.dll
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0404.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0C0A.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0410.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0409.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0407.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0C0A.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0419.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0410.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0407.dll
[2012/12/05 08:28:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0411.dll
[2012/12/05 08:28:44 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0419.dll
[2012/12/05 08:28:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0804.dll
[2012/12/05 08:28:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0409.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0412.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0411.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0804.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0412.dll
[2012/12/03 22:15:35 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/11 10:56:44 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\recently-used.xbel
[2012/10/26 11:59:08 | 096,817,882 | ---- | C] () -- C:\Program Files\Photo Album 6.7z
[2012/10/11 19:54:03 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Gary\SciTEUser.properties
[2012/10/11 19:53:54 | 000,031,076 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.save.properties
[2012/10/10 13:56:38 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2012/09/24 13:54:58 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/09/24 07:21:03 | 000,197,659 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498655.bdinstall.bin
[2012/09/24 06:52:44 | 000,060,826 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498180.bdinstall.bin
[2012/08/18 11:53:19 | 001,292,288 | ---- | C] () -- C:\WINDOWS\is-PPJSS.exe
[2012/08/18 11:41:13 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PC Viewer 4CH ENG.INI
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Windows1569_SettingsRepository.bin
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012/08/01 13:58:19 | 002,784,754 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/07/31 09:58:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Gary\.deskmetrics
[2012/06/13 10:13:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DDF800369E.sys
[2012/06/12 16:36:03 | 000,313,900 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1339543597.bdinstall.bin
[2012/06/12 15:49:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Gary\Application Datauser_gensett.xml
[2012/06/01 10:12:21 | 000,369,332 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338566755.bdinstall.bin
[2012/06/01 07:04:50 | 000,098,465 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338562424.bdinstall.bin
[2012/06/01 06:31:24 | 000,366,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338559386.bdinstall.bin
[2012/05/04 19:23:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\$_hpcst$.hpc
[2012/05/03 11:23:28 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/04/27 16:46:01 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F96E50C605.sys
[2012/04/27 08:47:54 | 000,000,377 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/04/24 16:51:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0DF62F3DE1.sys
[2012/04/20 21:05:05 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9D3D1C15A6.sys
[2012/04/20 07:51:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 17:17:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2012/03/23 16:42:12 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/12 10:49:48 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/29 19:53:44 | 000,444,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330569044.bdinstall.bin
[2012/02/29 17:35:50 | 000,139,870 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330559400.bdinstall.bin
[2012/02/22 08:15:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/17 07:14:06 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.properties
[2012/02/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.keywords.user.abbreviations.properties
[2012/02/14 12:52:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\Gary\au3UserAbbrev.properties
[2012/02/14 10:28:51 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 18:33:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/27 19:02:35 | 000,171,164 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327718518.bdinstall.bin
[2012/01/27 16:23:43 | 000,302,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327708936.bdinstall.bin
[2012/01/27 09:20:01 | 000,617,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327682970.bdinstall.bin
[2012/01/26 20:19:03 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Sys2662.Config.Repository.bin
[2011/12/17 09:15:18 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0782A18B0A.sys
[2011/10/26 09:45:27 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/03 08:15:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2011/09/25 13:17:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A4DABE9A09.sys
[2011/09/22 20:01:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/22 20:01:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/22 20:01:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/22 20:01:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/22 20:01:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/21 10:04:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2011/09/18 22:09:23 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\profile.wkp
[2011/09/06 21:04:43 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\archCalc.Prefs
[2011/08/31 08:31:08 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\587E447A25.sys
[2011/08/26 08:54:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\51B05C58E0.sys
[2011/08/23 21:38:41 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1617EC5C27.sys
[2011/08/22 08:46:49 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\215AFABA7D.sys
[2011/08/15 11:31:05 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B21765FADC.sys
[2011/08/12 11:55:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/08/12 11:55:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/08/12 11:55:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/07/13 06:16:56 | 000,141,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\CprDrvr.sys
[2011/07/13 06:15:14 | 000,106,208 | ---- | C] () -- C:\WINDOWS\System32\CprIf.dll
[2011/06/16 06:14:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D09F512B2C.sys
[2011/05/31 08:14:36 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/31 08:14:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/31 06:21:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011/05/30 07:41:21 | 000,139,097 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/30 07:09:15 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/30 07:09:12 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/30 07:09:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/30 07:08:11 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/12 21:24:48 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/12 21:24:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ECB69BB7BF.sys
[2010/06/27 09:11:30 | 000,065,536 | ---- | C] () -- C:\Program Files\Logger Pro 3
[2010/03/27 07:22:54 | 000,014,905 | ---- | C] () -- C:\Documents and Settings\Gary\au3abbrev.properties
[2010/03/16 18:02:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\Ÿ9Ÿ9
[2010/01/02 13:16:12 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Gary\au3.UserUdfs.properties
[2010/01/02 13:15:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.user.calltips.api
[2009/12/30 21:31:24 | 000,000,174 | -H-- | C] () -- C:\Documents and Settings\Gary\Application Data\lakerda1967.sys
[2009/12/30 21:30:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\docXConverter (3).ini
[2009/11/02 16:10:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Principia Products.zip
[2009/02/13 11:36:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2008/12/14 18:10:13 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Gary\ntuser.pol
[2008/09/17 11:19:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:36:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gary\.rnd
[2008/01/30 14:34:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\PUTTY.RND
[2007/09/26 10:44:42 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.session
[2006/12/03 22:50:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.recent
[2006/12/03 22:50:40 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.ses
[2006/11/11 10:26:30 | 000,345,935 | ---- | C] () -- C:\Documents and Settings\Gary\jap.conf
[2006/11/01 19:18:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\winscp.RND
[2006/09/05 21:43:35 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Gary\.jm_prefs
[2005/11/06 20:54:40 | 000,125,226 | ---- | C] () -- C:\Documents and Settings\Gary\IPSendOptions.exe
[2005/06/23 17:15:00 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Gary\ipsend.sec

========== ZeroAccess Check ==========

[2008/07/04 15:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/02/03 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/01 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/10/29 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/08 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brooks Internet Software
[2011/12/27 15:23:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/25 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/07/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/08 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conexant
[2010/05/06 07:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/02/01 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gravic
[2008/12/14 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/07/11 00:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/02/07 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JudysApps
[2012/04/19 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/22 16:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/05/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/19 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2013/01/24 07:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/31 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/21 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/05/03 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/10/29 07:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/07/08 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2012/10/29 07:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microangelo On Display
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/27 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/01 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Principia Products
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2008/07/08 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2012/03/04 10:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/10/29 08:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/02/18 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/06 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2011/05/12 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/11/28 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/30 07:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/10/29 07:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/29 17:09:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2012/11/20 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X6
[2008/07/09 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.BitTornado
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.tswebeditor
[2012/04/19 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Adam Berent
[2009/02/26 11:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AI Internet Solutions
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Basta Computing
[2012/09/24 07:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Bitdefender
[2009/04/02 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BozTeck
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BPFTP
[2009/01/26 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Brooks Internet Software
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Colasoft Capsa
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Convivea
[2012/04/19 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2010/02/09 09:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Endicia
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FileMaker
[2009/08/29 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit
[2012/07/31 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit Software
[2012/12/05 09:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Fujitsu
[2010/05/05 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\G7PS
[2012/10/29 07:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GARMIN
[2012/09/30 08:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Geek Uninstaller
[2011/01/11 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/10/11 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gsmartcontrol
[2010/12/10 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gtk-2.0
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hyperionics
[2012/11/05 14:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ImgBurn
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Individual Software
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Interactive Studios
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2010/09/22 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2012/08/18 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\KC Softwares
[2012/04/20 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ldw_data
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/07/09 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\LEAPS
[2012/08/18 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leawo
[2008/07/19 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Locktime
[2012/04/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Millennia
[2012/12/13 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\mjusbsp
[2009/07/19 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/04/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NetView
[2012/10/29 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Newsbin
[2012/04/24 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ntr
[2012/11/01 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Nuance
[2013/01/05 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeRecovery
[2012/01/02 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OpenOffice.org
[2011/06/01 08:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PCDr
[2012/05/03 12:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasus Mail
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasys Inc
[2012/10/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PKWARE
[2011/12/02 09:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Qualys
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\r2 Studios
[2012/10/29 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Remind-Me
[2012/04/27 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2011/01/16 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Smart PDF Converter
[2012/10/26 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SmartDraw
[2013/01/24 17:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Software Informer
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spearit
[2008/07/09 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spell Catcher Plus
[2010/10/29 07:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SyncSquare
[2012/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SystemRequirementsLab
[2011/03/30 13:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TeamViewer
[2011/10/26 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Thinstall
[2012/08/18 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tiger-k
[2008/07/09 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Topaz Moment
[2012/10/29 07:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Trillian
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\URSoft
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VERITAS
[2010/06/08 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VSO
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\WildPackets
[2012/11/11 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Wireshark
[2012/11/12 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >

Thanks for helping me,

Docfxit.

I will continue following instructions now.

#4
docfxit

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-27 15:43:54
-----------------------------
15:43:54.359 OS Version: Windows 5.1.2600 Service Pack 3
15:43:54.359 Number of processors: 4 586 0x2502
15:43:54.359 ComputerName: DOCFXITLT UserName: Gary
15:43:55.171 Initialize success
15:44:31.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:44:31.562 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
15:44:31.593 Disk 0 MBR read successfully
15:44:31.609 Disk 0 MBR scan
15:44:31.625 Disk 0 Windows 7 default MBR code
15:44:31.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 205072 MB offset 63
15:44:31.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 71849 MB offset 419988240
15:44:31.718 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 200017 MB offset 567136256
15:44:31.734 Disk 0 scanning sectors +976771072
15:44:31.828 Disk 0 scanning C:\WINDOWS\system32\drivers
15:44:40.734 Service scanning
15:44:55.437 Modules scanning
15:45:01.765 Disk 0 trace - called modules:
15:45:01.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:45:01.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa4eab8]
15:45:01.812 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\000000c2[0x8aa5ff18]
15:45:01.828 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa52940]
15:45:01.843 Scan finished successfully
15:47:00.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\MBR.dat"
15:47:00.656 The log file has been saved successfully to "C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\aswMBR.txt"

#5
docfxit

15:50:29.0812 5104 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:50:30.0359 5104 ============================================================
15:50:30.0359 5104 Current date / time: 2013/01/27 15:50:30.0359
15:50:30.0359 5104 SystemInfo:
15:50:30.0359 5104
15:50:30.0359 5104 OS Version: 5.1.2600 ServicePack: 3.0
15:50:30.0359 5104 Product type: Workstation
15:50:30.0359 5104 ComputerName: DOCFXITLT
15:50:30.0359 5104 UserName: Gary
15:50:30.0359 5104 Windows directory: C:\WINDOWS
15:50:30.0359 5104 System windows directory: C:\WINDOWS
15:50:30.0359 5104 Processor architecture: Intel x86
15:50:30.0359 5104 Number of processors: 4
15:50:30.0359 5104 Page size: 0x1000
15:50:30.0359 5104 Boot type: Normal boot
15:50:30.0359 5104 ============================================================
15:50:31.0390 5104 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:50:31.0390 5104 ============================================================
15:50:31.0390 5104 \Device\Harddisk0\DR0:
15:50:31.0390 5104 MBR partitions:
15:50:31.0390 5104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x190882D1
15:50:31.0390 5104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19088310, BlocksNum 0x8C54C40
15:50:31.0390 5104 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21CDD000, BlocksNum 0x186A8800
15:50:31.0390 5104 ============================================================
15:50:31.0421 5104 C: <-> \Device\Harddisk0\DR0\Partition1
15:50:31.0453 5104 D: <-> \Device\Harddisk0\DR0\Partition3
15:50:31.0500 5104 F: <-> \Device\Harddisk0\DR0\Partition2
15:50:31.0500 5104 ============================================================
15:50:31.0500 5104 Initialize success
15:50:31.0500 5104 ============================================================
15:51:10.0296 5184 ============================================================
15:51:10.0296 5184 Scan started
15:51:10.0296 5184 Mode: Manual; SigCheck; TDLFS;
15:51:10.0296 5184 ============================================================
15:51:10.0625 5184 ================ Scan system memory ========================
15:51:11.0218 5184 System memory - ok
15:51:11.0218 5184 ================ Scan services =============================
15:51:11.0359 5184 [ A6FF6799B541BACB73C69269F4BF326D ] 5U877 C:\WINDOWS\system32\DRIVERS\5U877.sys
15:51:11.0640 5184 5U877 - ok
15:51:11.0640 5184 Abiosdsk - ok
15:51:11.0656 5184 abp480n5 - ok
15:51:11.0687 5184 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:51:11.0906 5184 ACPI - ok
15:51:11.0921 5184 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:51:12.0031 5184 ACPIEC - ok
15:51:12.0062 5184 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
15:51:12.0078 5184 adfs - ok
15:51:12.0078 5184 adpu160m - ok
15:51:12.0078 5184 aeaudio - ok
15:51:12.0109 5184 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:51:12.0250 5184 aec - ok
15:51:12.0265 5184 [ 2722F2BEDF14C4F7A2EBB4B468892F68 ] AEIWL C:\WINDOWS\system32\DRIVERS\AEIWLNDS.sys
15:51:12.0296 5184 AEIWL - ok
15:51:12.0328 5184 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:51:12.0343 5184 AFD - ok
15:51:12.0390 5184 [ 9B0295DDE5E9DE149593B5279353DBEB ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:51:12.0437 5184 AgereSoftModem ( UnsignedFile.Multi.Generic ) - warning
15:51:12.0437 5184 AgereSoftModem - detected UnsignedFile.Multi.Generic (1)
15:51:12.0453 5184 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:51:12.0593 5184 agp440 - ok
15:51:12.0593 5184 Aha154x - ok
15:51:12.0593 5184 aic78u2 - ok
15:51:12.0609 5184 aic78xx - ok
15:51:12.0640 5184 [ CB5A5079744A0535416D3A5E462C5EFE ] aksfridge C:\WINDOWS\system32\drivers\aksfridge.sys
15:51:12.0687 5184 aksfridge - ok
15:51:12.0718 5184 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:51:12.0875 5184 Alerter - ok
15:51:12.0890 5184 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:51:13.0031 5184 ALG - ok
15:51:13.0031 5184 AliIde - ok
15:51:13.0046 5184 amsint - ok
15:51:13.0062 5184 [ D1FC4AC47A26D5B666654258126540D9 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
15:51:13.0062 5184 AnyDVD ( UnsignedFile.Multi.Generic ) - warning
15:51:13.0062 5184 AnyDVD - detected UnsignedFile.Multi.Generic (1)
15:51:13.0125 5184 [ 1961CB10BB48EB4D97E37DB6373E9E63 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
15:51:13.0125 5184 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
15:51:13.0125 5184 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
15:51:13.0156 5184 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:51:13.0296 5184 AppMgmt - ok
15:51:13.0312 5184 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:51:13.0437 5184 Arp1394 - ok
15:51:13.0453 5184 asc - ok
15:51:13.0453 5184 asc3350p - ok
15:51:13.0453 5184 asc3550 - ok
15:51:13.0546 5184 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:51:13.0562 5184 aspnet_state - ok
15:51:13.0578 5184 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:51:13.0718 5184 AsyncMac - ok
15:51:13.0750 5184 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:51:13.0890 5184 atapi - ok
15:51:13.0890 5184 Atdisk - ok
15:51:13.0921 5184 [ BF997DFD2969902D9F7B983C1BA95811 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:51:13.0937 5184 Ati HotKey Poller - ok
15:51:13.0984 5184 [ 5719F857136EE618F6EC7A5CCD9FB7AB ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:51:14.0062 5184 ati2mtag - ok
15:51:14.0078 5184 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:51:14.0218 5184 Atmarpc - ok
15:51:14.0250 5184 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:51:14.0390 5184 AudioSrv - ok
15:51:14.0406 5184 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:51:14.0531 5184 audstub - ok
15:51:14.0546 5184 [ 9AD5AA947569DB289CE81B1B1D47BA00 ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
15:51:14.0609 5184 avc3 - ok
15:51:14.0640 5184 [ 7F9B99B564E7C9FBB6729ED95B5BBB24 ] avchv C:\WINDOWS\system32\DRIVERS\avchv.sys
15:51:14.0656 5184 avchv - ok
15:51:14.0703 5184 [ 44A93102C687D6A491902F52B60CD4D2 ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
15:51:14.0734 5184 avckf - ok
15:51:14.0765 5184 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
15:51:14.0765 5184 BANTExt ( UnsignedFile.Multi.Generic ) - warning
15:51:14.0765 5184 BANTExt - detected UnsignedFile.Multi.Generic (1)
15:51:14.0781 5184 [ 5EF7AC38B4A7DC80860D7FFAFAC78C36 ] bdfsfltr C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
15:51:14.0796 5184 bdfsfltr - ok
15:51:14.0859 5184 [ F7D825F7E47D8A7865F5D2156B1B7A24 ] bdftdif C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
15:51:14.0875 5184 bdftdif - ok
15:51:14.0906 5184 [ E260C0079B5C1107B87E98F356292004 ] bdsandbox C:\WINDOWS\system32\drivers\bdsandbox.sys
15:51:14.0906 5184 bdsandbox - ok
15:51:14.0937 5184 [ A9A33963C8358979827D1A75B20C0423 ] bdselfpr C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys
15:51:14.0968 5184 bdselfpr - ok
15:51:14.0984 5184 [ 375CD0B9F433465EC6F50D4DF44E9448 ] BDVEDISK C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
15:51:15.0000 5184 BDVEDISK - ok
15:51:15.0031 5184 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:51:15.0156 5184 Beep - ok
15:51:15.0187 5184 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:51:15.0406 5184 BITS - ok
15:51:15.0421 5184 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:51:15.0453 5184 Browser - ok
15:51:15.0484 5184 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
15:51:15.0500 5184 btaudio - ok
15:51:15.0515 5184 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
15:51:15.0531 5184 BTDriver - ok
15:51:15.0578 5184 [ D26B5B9A40A2B2191B35C76D5CBF5D2A ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:51:15.0625 5184 BTKRNL - ok
15:51:15.0687 5184 [ C261E704B5558BA04DD643A0D998327D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
15:51:15.0718 5184 btwdins - ok
15:51:15.0734 5184 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
15:51:15.0750 5184 BTWDNDIS - ok
15:51:15.0765 5184 [ C51D50CF24DA69A9C499E65B0EDB3BB7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
15:51:15.0781 5184 btwhid - ok
15:51:15.0796 5184 [ 7696F6F2E63086EEEDB76B71BB7BB455 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
15:51:15.0796 5184 BTWUSB - ok
15:51:15.0812 5184 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:51:15.0953 5184 cbidf2k - ok
15:51:15.0968 5184 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:51:16.0109 5184 CCDECODE - ok
15:51:16.0125 5184 cd20xrnt - ok
15:51:16.0125 5184 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:51:16.0265 5184 Cdaudio - ok
15:51:16.0281 5184 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:51:16.0437 5184 Cdfs - ok
15:51:16.0484 5184 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:51:16.0640 5184 Cdrom - ok
15:51:16.0640 5184 Changer - ok
15:51:16.0812 5184 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
15:51:16.0984 5184 cisvc - ok
15:51:17.0078 5184 [ 6C99DE57C87D6F3EE85998A7E49F7BF9 ] CLDTVHNService C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
15:51:17.0093 5184 CLDTVHNService - ok
15:51:17.0125 5184 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:51:17.0281 5184 ClipSrv - ok
15:51:17.0312 5184 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:51:17.0328 5184 clr_optimization_v2.0.50727_32 - ok
15:51:17.0343 5184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:51:17.0359 5184 clr_optimization_v4.0.30319_32 - ok
15:51:17.0390 5184 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:51:17.0546 5184 CmBatt - ok
15:51:17.0546 5184 CmdIde - ok
15:51:17.0593 5184 [ CCE576878D626AE07F6932DF57503CED ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDAU32.sys
15:51:17.0671 5184 CnxtHdAudService - ok
15:51:17.0718 5184 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:51:17.0859 5184 Compbatt - ok
15:51:17.0859 5184 COMSysApp - ok
15:51:17.0875 5184 Cpqarray - ok
15:51:17.0906 5184 [ 96EBCE6B6579A4AAC2C5A82F93CA3A52 ] CprDrvr C:\WINDOWS\system32\DRIVERS\CprDrvr.sys
15:51:17.0921 5184 CprDrvr - ok
15:51:17.0953 5184 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:51:17.0968 5184 cpudrv - ok
15:51:17.0984 5184 [ 743C403D20A89DB5ED84C874768B7119 ] cpuz133 C:\WINDOWS\system32\drivers\cpuz133_x32.sys
15:51:18.0000 5184 cpuz133 - ok
15:51:18.0015 5184 cpuz135 - ok
15:51:18.0015 5184 cpuz136 - ok
15:51:18.0031 5184 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:51:18.0171 5184 CryptSvc - ok
15:51:18.0187 5184 [ 9149AE69296322678AE3AD5D2BFB88BC ] CV2K1 C:\WINDOWS\system32\DRIVERS\cv2k1.sys
15:51:18.0203 5184 CV2K1 - ok
15:51:18.0234 5184 [ 57015A01DFE25DB151C0CD5A548B796F ] Cwbrxd C:\WINDOWS\CWBRXD.EXE
15:51:18.0234 5184 Cwbrxd ( UnsignedFile.Multi.Generic ) - warning
15:51:18.0234 5184 Cwbrxd - detected UnsignedFile.Multi.Generic (1)
15:51:18.0234 5184 dac2w2k - ok
15:51:18.0250 5184 dac960nt - ok
15:51:18.0281 5184 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:51:18.0468 5184 DcomLaunch - ok
15:51:18.0484 5184 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:51:18.0640 5184 Dhcp - ok
15:51:18.0656 5184 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:51:18.0796 5184 Disk - ok
15:51:18.0812 5184 dmadmin - ok
15:51:18.0812 5184 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:51:19.0000 5184 dmboot - ok
15:51:19.0000 5184 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
15:51:19.0156 5184 dmio - ok
15:51:19.0156 5184 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:51:19.0281 5184 dmload - ok
15:51:19.0312 5184 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:51:19.0437 5184 dmserver - ok
15:51:19.0453 5184 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:51:19.0609 5184 DMusic - ok
15:51:19.0609 5184 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
15:51:19.0625 5184 DNE - ok
15:51:19.0640 5184 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:51:19.0656 5184 Dnscache - ok
15:51:19.0687 5184 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:51:19.0828 5184 Dot3svc - ok
15:51:19.0828 5184 dpti2o - ok
15:51:19.0843 5184 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:51:19.0968 5184 drmkaud - ok
15:51:20.0000 5184 DUMeterSvc - ok
15:51:20.0015 5184 [ FAE8B6B311F898DF3D19BC638E980CA5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:51:20.0062 5184 E100B - ok
15:51:20.0093 5184 [ 361F5D93D53B46E34EF1823259C37328 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
15:51:20.0109 5184 e1kexpress - ok
15:51:20.0125 5184 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:51:20.0265 5184 EapHost - ok
15:51:20.0281 5184 [ FADE3C8099D7570C090738453D29123E ] EGATHDRV C:\WINDOWS\System32\EGATHDRV.SYS
15:51:20.0296 5184 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
15:51:20.0296 5184 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
15:51:20.0328 5184 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:51:20.0468 5184 ERSvc - ok
15:51:20.0500 5184 [ C2370B7A25174C0FB8FB10A19E091B46 ] EterlogicVirtualSerialDriver C:\WINDOWS\system32\drivers\VSPE.sys
15:51:20.0500 5184 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - warning
15:51:20.0500 5184 EterlogicVirtualSerialDriver - detected UnsignedFile.Multi.Generic (1)
15:51:20.0531 5184 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:51:20.0562 5184 Eventlog - ok
15:51:20.0593 5184 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:51:20.0625 5184 EventSystem - ok
15:51:20.0703 5184 [ 7635B73FEC87F78E3A2D7ABAA5AC89B0 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:51:20.0750 5184 EvtEng - ok
15:51:20.0781 5184 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:51:20.0921 5184 Fastfat - ok
15:51:20.0953 5184 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:51:21.0000 5184 FastUserSwitchingCompatibility - ok
15:51:21.0015 5184 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:51:21.0156 5184 Fdc - ok
15:51:21.0156 5184 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:51:21.0296 5184 Fips - ok
15:51:21.0359 5184 [ C87B91DC6C2E3965B107FCC9985DA1E4 ] FJTWMKSV C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
15:51:21.0359 5184 FJTWMKSV ( UnsignedFile.Multi.Generic ) - warning
15:51:21.0359 5184 FJTWMKSV - detected UnsignedFile.Multi.Generic (1)
15:51:21.0406 5184 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:51:21.0468 5184 FLEXnet Licensing Service - ok
15:51:21.0468 5184 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:51:21.0625 5184 Flpydisk - ok
15:51:21.0625 5184 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:51:21.0765 5184 FltMgr - ok
15:51:21.0828 5184 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:51:21.0843 5184 FontCache3.0.0.0 - ok
15:51:21.0859 5184 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:51:21.0984 5184 Fs_Rec - ok
15:51:22.0000 5184 [ B283F1BC1FF852BD232449A4B3E3CE63 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
15:51:22.0015 5184 FTDIBUS - ok
15:51:22.0046 5184 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:51:22.0171 5184 Ftdisk - ok
15:51:22.0187 5184 [ 678A73F56DDF84A08C31123C386E9967 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
15:51:22.0187 5184 FTSER2K - ok
15:51:22.0203 5184 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
15:51:22.0203 5184 giveio ( UnsignedFile.Multi.Generic ) - warning
15:51:22.0203 5184 giveio - detected UnsignedFile.Multi.Generic (1)
15:51:22.0218 5184 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:51:22.0343 5184 Gpc - ok
15:51:22.0390 5184 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:51:22.0406 5184 gupdate - ok
15:51:22.0406 5184 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:51:22.0421 5184 gupdatem - ok
15:51:22.0453 5184 [ 9DE9A7A19195C57EF38B4EE25422F2D7 ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys
15:51:22.0484 5184 Hardlock - ok
15:51:22.0500 5184 hasplms - ok
15:51:22.0515 5184 [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
15:51:22.0531 5184 Haspnt ( UnsignedFile.Multi.Generic ) - warning
15:51:22.0531 5184 Haspnt - detected UnsignedFile.Multi.Generic (1)
15:51:22.0546 5184 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:51:22.0687 5184 HDAudBus - ok
15:51:22.0703 5184 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
15:51:22.0750 5184 HECI - ok
15:51:22.0796 5184 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:51:22.0937 5184 helpsvc - ok
15:51:22.0968 5184 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:51:23.0109 5184 HidServ - ok
15:51:23.0140 5184 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:51:23.0281 5184 HidUsb - ok
15:51:23.0312 5184 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:51:23.0437 5184 hkmsvc - ok
15:51:23.0468 5184 [ EA86B5A4909002DF55441D20B9401522 ] hmonitor C:\WINDOWS\system32\drivers\hmonitor.sys
15:51:23.0468 5184 hmonitor ( UnsignedFile.Multi.Generic ) - warning
15:51:23.0468 5184 hmonitor - detected UnsignedFile.Multi.Generic (1)
15:51:23.0468 5184 hpn - ok
15:51:23.0484 5184 hpt3xx - ok
15:51:23.0500 5184 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:51:23.0546 5184 HPZid412 - ok
15:51:23.0562 5184 [ 0D13842210353435FC1FB35CA7807644 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:51:23.0593 5184 HSFHWAZL - ok
15:51:23.0609 5184 [ 8BC605518B1052DB7011E5C4CC8417BF ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:51:23.0671 5184 HSF_DPV - ok
15:51:23.0703 5184 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:51:23.0718 5184 HTTP - ok
15:51:23.0750 5184 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:51:23.0890 5184 HTTPFilter - ok
15:51:23.0890 5184 HWiNFO32 - ok
15:51:23.0906 5184 [ 448BB2FE30F1DDE9EAA4F0E87B52B687 ] hwinterface C:\WINDOWS\system32\Drivers\hwinterface.sys
15:51:23.0906 5184 hwinterface ( UnsignedFile.Multi.Generic ) - warning
15:51:23.0906 5184 hwinterface - detected UnsignedFile.Multi.Generic (1)
15:51:23.0921 5184 i2omgmt - ok
15:51:23.0921 5184 i2omp - ok
15:51:23.0953 5184 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:51:24.0093 5184 i8042prt - ok
15:51:24.0125 5184 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\WINDOWS\system32\Drivers\iaStor.sys
15:51:24.0156 5184 iaStor - ok
15:51:24.0187 5184 [ FA3D0A6DA7BB7968EFE5C5BC267F0E55 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:51:24.0187 5184 IBMPMDRV - ok
15:51:24.0218 5184 [ 495F184A29B80B51735BCEE91D84FE8F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
15:51:24.0218 5184 IBMPMSVC - ok
15:51:24.0265 5184 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:51:24.0281 5184 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:51:24.0281 5184 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:51:24.0312 5184 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:51:24.0375 5184 idsvc - ok
15:51:24.0390 5184 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:51:24.0531 5184 Imapi - ok
15:51:24.0562 5184 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:51:24.0703 5184 ImapiService - ok
15:51:24.0718 5184 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys
15:51:24.0750 5184 Impcd - ok
15:51:24.0750 5184 ini910u - ok
15:51:24.0781 5184 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:51:24.0921 5184 IntelIde - ok
15:51:24.0937 5184 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:51:25.0062 5184 intelppm - ok
15:51:25.0140 5184 [ D057DF46B913AC54200DFD0EDB2909CE ] Intuit Entitlement Service v6.0 C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
15:51:25.0140 5184 Intuit Entitlement Service v6.0 ( UnsignedFile.Multi.Generic ) - warning
15:51:25.0140 5184 Intuit Entitlement Service v6.0 - detected UnsignedFile.Multi.Generic (1)
15:51:25.0187 5184 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
15:51:25.0203 5184 IntuitUpdateService - ok
15:51:25.0218 5184 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
15:51:25.0234 5184 IntuitUpdateServiceV4 - ok
15:51:25.0234 5184 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:51:25.0359 5184 ip6fw - ok
15:51:25.0375 5184 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:51:25.0484 5184 IpFilterDriver - ok
15:51:25.0500 5184 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:51:25.0625 5184 IpInIp - ok
15:51:25.0656 5184 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:51:25.0781 5184 IpNat - ok
15:51:25.0796 5184 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:51:25.0937 5184 IPSec - ok
15:51:25.0937 5184 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
15:51:26.0062 5184 irda - ok
15:51:26.0078 5184 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:51:26.0203 5184 IRENUM - ok
15:51:26.0234 5184 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
15:51:26.0359 5184 Irmon - ok
15:51:26.0375 5184 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:51:26.0515 5184 isapnp - ok
15:51:26.0562 5184 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:51:26.0578 5184 JavaQuickStarterService - ok
15:51:26.0593 5184 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:51:26.0734 5184 Kbdclass - ok
15:51:26.0734 5184 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:51:26.0875 5184 kbdhid - ok
15:51:26.0890 5184 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:51:27.0015 5184 kmixer - ok
15:51:27.0046 5184 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:51:27.0062 5184 KSecDD - ok
15:51:27.0093 5184 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:51:27.0125 5184 lanmanserver - ok
15:51:27.0140 5184 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:51:27.0171 5184 lanmanworkstation - ok
15:51:27.0187 5184 [ 12E54181D584F72296FD6EC72309BD94 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:51:27.0203 5184 LBeepKE - ok
15:51:27.0203 5184 lbrtfdc - ok
15:51:27.0265 5184 [ 54581F1B8A4B517040AD316E5C430A2C ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:51:27.0281 5184 LBTServ - ok
15:51:27.0328 5184 [ 8B5EB24FCE3926128138B769D50CEE1B ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
15:51:27.0343 5184 LENOVO.CAMMUTE - ok
15:51:27.0359 5184 [ 128158D8B1DF639BF3E3FDBCBB64CDAC ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:51:27.0375 5184 LENOVO.MICMUTE - ok
15:51:27.0406 5184 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
15:51:27.0406 5184 lenovo.smi - ok
15:51:27.0437 5184 [ 2A727534372EDE8C0A4EDB1F037A44BF ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
15:51:27.0437 5184 LEqdUsb - ok
15:51:27.0453 5184 [ 9C694DFC271AC043E4FA8DDF8BB4C57E ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
15:51:27.0468 5184 LHidEqd - ok
15:51:27.0484 5184 [ 5001C2B3557B53DED02ABED3BCC6FD2D ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:51:27.0500 5184 LHidFilt - ok
15:51:27.0531 5184 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:51:27.0656 5184 LmHosts - ok
15:51:27.0703 5184 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
15:51:27.0734 5184 LMIGuardianSvc - ok
15:51:27.0765 5184 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
15:51:27.0765 5184 LMIInfo - ok
15:51:27.0796 5184 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
15:51:27.0812 5184 LMIMaint - ok
15:51:27.0843 5184 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
15:51:27.0859 5184 lmimirr - ok
15:51:27.0859 5184 LMIRfsClientNP - ok
15:51:27.0875 5184 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
15:51:27.0890 5184 LMIRfsDriver - ok
15:51:27.0906 5184 [ 3AD9369E5D17014971A11728F198994C ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:51:27.0906 5184 LMouFilt - ok
15:51:27.0968 5184 [ 25884CA77F8D926B69167BC231D3726E ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:51:27.0984 5184 LMS - ok
15:51:28.0015 5184 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
15:51:28.0046 5184 LogMeIn - ok
15:51:28.0078 5184 [ A8E911E5B3F36080C71D30239D137A1A ] mamotou C:\WINDOWS\system32\DRIVERS\mamotou.sys
15:51:28.0093 5184 mamotou ( UnsignedFile.Multi.Generic ) - warning
15:51:28.0093 5184 mamotou - detected UnsignedFile.Multi.Generic (1)
15:51:28.0125 5184 [ 1B467FB39D6EE0E7F1970EEE5FC07121 ] MaVctrl C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
15:51:28.0125 5184 MaVctrl ( UnsignedFile.Multi.Generic ) - warning
15:51:28.0125 5184 MaVctrl - detected UnsignedFile.Multi.Generic (1)
15:51:28.0140 5184 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:51:28.0171 5184 mdmxsdk - ok
15:51:28.0187 5184 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:51:28.0312 5184 Messenger - ok
15:51:28.0343 5184 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:51:28.0453 5184 mnmdd - ok
15:51:28.0484 5184 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:51:28.0609 5184 mnmsrvc - ok
15:51:28.0609 5184 MNSFramework - ok
15:51:28.0625 5184 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:51:28.0765 5184 Modem - ok
15:51:28.0765 5184 motccgp - ok
15:51:28.0781 5184 motccgpfl - ok
15:51:28.0796 5184 MotDev - ok
15:51:28.0796 5184 motmodem - ok
15:51:28.0812 5184 motport - ok
15:51:28.0843 5184 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:51:28.0968 5184 Mouclass - ok
15:51:29.0046 5184 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:51:29.0156 5184 mouhid - ok
15:51:29.0171 5184 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:51:29.0312 5184 MountMgr - ok
15:51:29.0312 5184 mraid35x - ok
15:51:29.0328 5184 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:51:29.0453 5184 MRxDAV - ok
15:51:29.0484 5184 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:51:29.0515 5184 MRxSmb - ok
15:51:29.0546 5184 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:51:29.0671 5184 MSDTC - ok
15:51:29.0703 5184 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:51:29.0828 5184 Msfs - ok
15:51:29.0828 5184 MSIServer - ok
15:51:29.0843 5184 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:51:30.0000 5184 MSKSSRV - ok
15:51:30.0000 5184 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:51:30.0156 5184 MSPCLOCK - ok
15:51:30.0171 5184 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:51:30.0312 5184 MSPQM - ok
15:51:30.0328 5184 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:51:30.0468 5184 mssmbios - ok
15:51:30.0468 5184 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:51:30.0609 5184 MSTEE - ok
15:51:30.0640 5184 [ 00C7B2306F1CA5389A1AC6D1DF9C2E25 ] msvad_simple C:\WINDOWS\system32\drivers\povrtdev.sys
15:51:30.0656 5184 msvad_simple - ok
15:51:30.0671 5184 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:51:30.0687 5184 Mup - ok
15:51:30.0718 5184 [ DF934C2600AA8DED283BE4BC10E4B34F ] mv2 C:\WINDOWS\system32\DRIVERS\mv2.sys
15:51:30.0734 5184 mv2 - ok
15:51:30.0750 5184 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:51:30.0921 5184 NABTSFEC - ok
15:51:30.0953 5184 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:51:31.0125 5184 napagent - ok
15:51:31.0140 5184 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:51:31.0296 5184 NDIS - ok
15:51:31.0328 5184 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:51:31.0500 5184 NdisIP - ok
15:51:31.0515 5184 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:51:31.0546 5184 NdisTapi - ok
15:51:31.0578 5184 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:51:31.0734 5184 Ndisuio - ok
15:51:31.0734 5184 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:51:31.0875 5184 NdisWan - ok
15:51:31.0906 5184 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:51:31.0921 5184 NDProxy - ok
15:51:31.0984 5184 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:51:32.0000 5184 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:51:32.0000 5184 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:51:32.0031 5184 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:51:32.0187 5184 NetBIOS - ok
15:51:32.0218 5184 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:51:32.0390 5184 NetBT - ok
15:51:32.0421 5184 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:51:32.0593 5184 NetDDE - ok
15:51:32.0593 5184 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:51:32.0734 5184 NetDDEdsdm - ok
15:51:32.0750 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:51:32.0921 5184 Netlogon - ok
15:51:32.0968 5184 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:51:33.0109 5184 Netman - ok
15:51:33.0312 5184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:51:33.0328 5184 NetTcpPortSharing - ok
15:51:33.0765 5184 [ 731019BFF8E22E19A9A8857C3452F57C ] NETwNx32 C:\WINDOWS\system32\DRIVERS\Netwxn00.sys
15:51:35.0937 5184 NETwNx32 - ok
15:51:35.0953 5184 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:51:36.0093 5184 NIC1394 - ok
15:51:36.0140 5184 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:51:36.0203 5184 Nla - ok
15:51:36.0250 5184 [ C8F536FB328AFE64A7F18BBFC00B10EE ] nlsvc C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
15:51:36.0343 5184 nlsvc ( UnsignedFile.Multi.Generic ) - warning
15:51:36.0343 5184 nlsvc - detected UnsignedFile.Multi.Generic (1)
15:51:36.0359 5184 [ 3EE27BCFF781F07A12DF75E8BE852B0E ] nltdi C:\WINDOWS\system32\drivers\nltdi.sys
15:51:36.0406 5184 nltdi ( UnsignedFile.Multi.Generic ) - warning
15:51:36.0406 5184 nltdi - detected UnsignedFile.Multi.Generic (1)
15:51:36.0437 5184 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:51:36.0578 5184 nm - ok
15:51:36.0609 5184 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
15:51:36.0625 5184 NPF - ok
15:51:36.0656 5184 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:51:36.0828 5184 Npfs - ok
15:51:36.0859 5184 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
15:51:36.0984 5184 NSCIRDA - ok
15:51:37.0046 5184 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:51:37.0250 5184 Ntfs - ok
15:51:37.0593 5184 [ 8AD12622C7FA674CB9979E3448AB89C6 ] ntk_dtv C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys
15:51:37.0609 5184 ntk_dtv - ok
15:51:37.0625 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:51:37.0765 5184 NtLmSsp - ok
15:51:37.0828 5184 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:51:38.0015 5184 NtmsSvc - ok
15:51:38.0031 5184 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:51:38.0156 5184 Null - ok
15:51:38.0812 5184 [ ED45706A29E5592F328B7970206F31D4 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:51:40.0796 5184 nv - ok
15:51:40.0828 5184 [ 8EB410A64C86D51007687EE00BC2F912 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
15:51:40.0859 5184 NVHDA - ok
15:51:40.0906 5184 [ 3DE292C1AE616DFBBC12C89A1F730127 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
15:51:40.0937 5184 nvsvc - ok
15:51:40.0968 5184 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:51:41.0109 5184 NwlnkFlt - ok
15:51:41.0125 5184 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:51:41.0250 5184 NwlnkFwd - ok
15:51:41.0265 5184 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:51:41.0421 5184 ohci1394 - ok
15:51:41.0500 5184 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:41.0515 5184 ose - ok
15:51:41.0687 5184 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:51:41.0828 5184 Parport - ok
15:51:41.0843 5184 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:51:42.0000 5184 PartMgr - ok
15:51:42.0031 5184 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:51:42.0171 5184 ParVdm - ok
15:51:42.0218 5184 [ B935FC153DF18752402616BA8DBB867C ] PCAMPR5 C:\WINDOWS\system32\PCAMPR5.SYS
15:51:42.0234 5184 PCAMPR5 ( UnsignedFile.Multi.Generic ) - warning
15:51:42.0234 5184 PCAMPR5 - detected UnsignedFile.Multi.Generic (1)
15:51:42.0250 5184 [ 2F9806B52CB3748B1E49222744B28E3C ] PCANDIS5 C:\WINDOWS\system32\PCANDIS5.SYS
15:51:42.0250 5184 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
15:51:42.0250 5184 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
15:51:42.0296 5184 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:51:42.0421 5184 PCI - ok
15:51:42.0421 5184 PCIDump - ok
15:51:42.0453 5184 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:51:42.0593 5184 PCIIde - ok
15:51:42.0625 5184 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:51:42.0765 5184 Pcmcia - ok
15:51:42.0781 5184 PDCOMP - ok
15:51:42.0781 5184 PDFRAME - ok
15:51:42.0796 5184 PDRELI - ok
15:51:42.0796 5184 PDRFRAME - ok
15:51:42.0812 5184 perc2 - ok
15:51:42.0828 5184 perc2hib - ok
15:51:42.0875 5184 [ F9C143FABED28D30372CD5254B8557E6 ] phildecn C:\WINDOWS\system32\DRIVERS\phildecn.sys
15:51:42.0890 5184 phildecn - ok
15:51:42.0921 5184 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:51:42.0953 5184 PlugPlay - ok
15:51:42.0968 5184 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
15:51:42.0984 5184 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:51:42.0984 5184 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:51:43.0000 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:51:43.0156 5184 PolicyAgent - ok
15:51:43.0187 5184 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:51:43.0343 5184 PptpMiniport - ok
15:51:43.0359 5184 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:51:43.0484 5184 Processor - ok
15:51:43.0500 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:51:43.0625 5184 ProtectedStorage - ok
15:51:43.0656 5184 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\WINDOWS\System32\PSIService.exe
15:51:43.0671 5184 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
15:51:43.0671 5184 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
15:51:43.0687 5184 [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
15:51:43.0703 5184 psadd ( UnsignedFile.Multi.Generic ) - warning
15:51:43.0703 5184 psadd - detected UnsignedFile.Multi.Generic (1)
15:51:43.0718 5184 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:51:43.0734 5184 PSI_SVC_2 - ok
15:51:43.0765 5184 [ D7D37D6EB0EDC8F051E9E5C96FEE263A ] pssnap C:\WINDOWS\system32\DRIVERS\pssnap.sys
15:51:43.0765 5184 pssnap - ok
15:51:43.0781 5184 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:51:43.0890 5184 Ptilink - ok
15:51:43.0906 5184 [ 6C1B4DA4388BEFE2DD75875D5D743B43 ] pwdrvio C:\WINDOWS\system32\pwdrvio.sys
15:51:43.0921 5184 pwdrvio - ok
15:51:43.0937 5184 [ 2F59E9A21D6FAD7BC7E20BD1E9DE62BA ] pwdspio C:\WINDOWS\system32\pwdspio.sys
15:51:43.0968 5184 pwdspio - ok
15:51:44.0015 5184 [ 5D17052A59754A1C74DA571C27A0557E ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:51:44.0031 5184 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
15:51:44.0031 5184 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
15:51:44.0046 5184 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:51:44.0062 5184 QBFCService ( UnsignedFile.Multi.Generic ) - warning
15:51:44.0062 5184 QBFCService - detected UnsignedFile.Multi.Generic (1)
15:51:44.0140 5184 [ 131FA69F24175796380FA7D534A4B871 ] QBPOSDBServiceV9 C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe
15:51:44.0250 5184 QBPOSDBServiceV9 - ok
15:51:44.0296 5184 [ 25FC19BADF78B7FB1D835AAC4B0B91A5 ] QBVSS C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
15:51:44.0359 5184 QBVSS ( UnsignedFile.Multi.Generic ) - warning
15:51:44.0359 5184 QBVSS - detected UnsignedFile.Multi.Generic (1)
15:51:44.0359 5184 ql1080 - ok
15:51:44.0359 5184 Ql10wnt - ok
15:51:44.0375 5184 ql12160 - ok
15:51:44.0375 5184 ql1240 - ok
15:51:44.0375 5184 ql1280 - ok
15:51:44.0406 5184 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:51:44.0515 5184 RasAcd - ok
15:51:44.0546 5184 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:51:44.0687 5184 RasAuto - ok
15:51:44.0703 5184 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:51:44.0796 5184 Rasirda - ok
15:51:44.0812 5184 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:51:44.0937 5184 Rasl2tp - ok
15:51:44.0968 5184 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:51:45.0109 5184 RasMan - ok
15:51:45.0125 5184 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:51:45.0250 5184 RasPppoe - ok
15:51:45.0296 5184 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:51:45.0406 5184 Raspti - ok
15:51:45.0437 5184 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:51:45.0562 5184 Rdbss - ok
15:51:45.0593 5184 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:51:45.0718 5184 RDPCDD - ok
15:51:45.0718 5184 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:51:45.0859 5184 rdpdr - ok
15:51:45.0890 5184 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:51:45.0921 5184 RDPWD - ok
15:51:45.0937 5184 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:51:46.0078 5184 RDSessMgr - ok
15:51:46.0093 5184 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:51:46.0234 5184 redbook - ok
15:51:46.0281 5184 [ 805FF688F3C53AB8028B62CCA3BF4D63 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
15:51:46.0296 5184 ReflectService.exe - ok
15:51:46.0328 5184 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\WINDOWS\system32\drivers\regi.sys
15:51:46.0343 5184 regi - ok
15:51:46.0390 5184 [ 89D87FE52AF0D06B5E56C3517360CDD8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:51:46.0421 5184 RegSrvc - ok
15:51:46.0468 5184 [ 335ADC4CD25E3E08051B916746D1F600 ] Remark FTP Utility C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe
15:51:46.0468 5184 Remark FTP Utility - ok
15:51:46.0500 5184 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:51:46.0656 5184 RemoteAccess - ok
15:51:46.0671 5184 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:51:46.0812 5184 RemoteRegistry - ok
15:51:46.0828 5184 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
15:51:46.0843 5184 Revoflt - ok
15:51:46.0875 5184 [ 571E6AE8D33F6AAAF342D0919630F901 ] rimspci C:\WINDOWS\system32\DRIVERS\rimspe86.sys
15:51:46.0890 5184 rimspci - ok
15:51:46.0906 5184 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
15:51:47.0031 5184 ROOTMODEM - ok
15:51:47.0062 5184 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
15:51:47.0078 5184 rpcapd - ok
15:51:47.0109 5184 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:51:47.0234 5184 RpcLocator - ok
15:51:47.0296 5184 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:51:47.0328 5184 RpcSs - ok
15:51:48.0031 5184 [ AB913046C995F509BD8BD80C089EA48D ] rpm C:\Program Files\RPM\rpmsrv.exe
15:51:48.0187 5184 rpm ( UnsignedFile.Multi.Generic ) - warning
15:51:48.0187 5184 rpm - detected UnsignedFile.Multi.Generic (1)
15:51:48.0218 5184 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:51:48.0328 5184 RSVP - ok
15:51:48.0343 5184 RTL8187B - ok
15:51:48.0375 5184 [ BA11D5F61A74E156BF6F33DDDD1AD1CE ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
15:51:48.0406 5184 RTL8192su - ok
15:51:48.0500 5184 [ D272FC5581526D8D124C2A1B071FB3EF ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
15:51:48.0562 5184 S24EventMonitor - ok
15:51:48.0578 5184 [ 27FC71DA659305E260ACBDA15A318399 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:51:48.0593 5184 s24trans - ok
15:51:48.0609 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:51:48.0734 5184 SamSs - ok
15:51:48.0765 5184 [ CA57D847403633D0D97114071B59C2B2 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
15:51:48.0796 5184 SbieDrv - ok
15:51:48.0843 5184 [ 5CC11034A2E22DFF623BC922090AEBAB ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
15:51:48.0859 5184 SbieSvc - ok
15:51:48.0890 5184 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:51:49.0031 5184 SCardSvr - ok
15:51:49.0062 5184 [ BC7C602A9202429D37CCD07E7EBB6404 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
15:51:49.0078 5184 SCDEmu - ok
15:51:49.0093 5184 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:51:49.0234 5184 Schedule - ok
15:51:49.0265 5184 [ D1FACB3C7D12F439C18EF01AA88C2A9D ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:51:49.0296 5184 sdbus - ok
15:51:49.0312 5184 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:51:49.0421 5184 Secdrv - ok
15:51:49.0437 5184 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:51:49.0937 5184 seclogon - ok
15:51:49.0953 5184 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:51:50.0078 5184 SENS - ok
15:51:50.0093 5184 [ FABB763BC9CACB020EB8E2F230AB8C66 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:51:50.0125 5184 Ser2pl - ok
15:51:50.0140 5184 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:51:50.0328 5184 serenum - ok
15:51:50.0343 5184 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:51:50.0468 5184 Serial - ok
15:51:50.0500 5184 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:51:50.0625 5184 Sfloppy - ok
15:51:50.0671 5184 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:51:50.0812 5184 SharedAccess - ok
15:51:50.0843 5184 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:51:50.0859 5184 ShellHWDetection - ok
15:51:50.0890 5184 [ BC31655A03D9E9ED6F7116BAFB9B38C7 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
15:51:50.0906 5184 Shockprf - ok
15:51:50.0906 5184 Simbad - ok
15:51:50.0937 5184 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:51:50.0953 5184 SkypeUpdate - ok
15:51:50.0968 5184 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:51:51.0093 5184 SLIP - ok
15:51:51.0125 5184 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
15:51:51.0125 5184 Smapint ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0125 5184 Smapint - detected UnsignedFile.Multi.Generic (1)
15:51:51.0156 5184 [ 9ACBC471D86ED01A6F6BF30394C8ACEF ] smbusp C:\WINDOWS\system32\DRIVERS\intelsmb.sys
15:51:51.0171 5184 smbusp ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0171 5184 smbusp - detected UnsignedFile.Multi.Generic (1)
15:51:51.0187 5184 [ BDC46E011B863B02607DF88771F9BC29 ] SMDRV C:\WINDOWS\system32\drivers\SMDRV.SYS
15:51:51.0187 5184 SMDRV ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0187 5184 SMDRV - detected UnsignedFile.Multi.Generic (1)
15:51:51.0218 5184 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
15:51:51.0234 5184 smihlp - ok
15:51:51.0265 5184 [ A247EF7B238795EBBC33744221A391DE ] SMServer C:\WINDOWS\system32\snmvtsvc.exe
15:51:51.0281 5184 SMServer ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0281 5184 SMServer - detected UnsignedFile.Multi.Generic (1)
15:51:51.0296 5184 smwdm - ok
15:51:51.0328 5184 [ DA44FCEBF4EFB826667ED1FAB6159BEA ] SndTAudio C:\WINDOWS\system32\drivers\SndTAudio.sys
15:51:51.0343 5184 SndTAudio ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0343 5184 SndTAudio - detected UnsignedFile.Multi.Generic (1)
15:51:51.0375 5184 [ FF35C2D01AC36B446A1B997F305F0FC2 ] Soluto C:\WINDOWS\system32\DRIVERS\Soluto.sys
15:51:51.0375 5184 Soluto - ok
15:51:51.0421 5184 [ 39D0BBAFB94DE8F1D14ABD575EA32381 ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
15:51:51.0437 5184 SolutoLauncherService - ok
15:51:51.0468 5184 [ BCA25A87AD78FEDAC5C5ABD92DB3BECD ] SolutoRemoteService C:\Program Files\Soluto\SolutoRemoteService.exe
15:51:51.0515 5184 SolutoRemoteService ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0515 5184 SolutoRemoteService - detected UnsignedFile.Multi.Generic (1)
15:51:51.0546 5184 [ 34EB2B1D8BB151D10A3F189FE21C9A36 ] SolutoService C:\Program Files\Soluto\SolutoService.exe
15:51:51.0578 5184 SolutoService - ok
15:51:51.0578 5184 Sparrow - ok
15:51:51.0609 5184 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
15:51:51.0625 5184 speedfan - ok
15:51:51.0671 5184 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:51:51.0812 5184 splitter - ok
15:51:51.0828 5184 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:51:51.0859 5184 Spooler - ok
15:51:51.0890 5184 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:51:52.0015 5184 sr - ok
15:51:52.0046 5184 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:51:52.0187 5184 srservice - ok
15:51:52.0203 5184 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:51:52.0234 5184 Srv - ok
15:51:52.0250 5184 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:51:52.0390 5184 SSDPSRV - ok
15:51:52.0406 5184 [ FDAEB4E13915D9096E10A334318481EA ] ssecbus C:\WINDOWS\system32\DRIVERS\ssecbus.sys
15:51:52.0421 5184 ssecbus - ok
15:51:52.0421 5184 [ 58D6E84ECD0AB3B90702BE52ED8718C9 ] ssecmdfl C:\WINDOWS\system32\DRIVERS\ssecmdfl.sys
15:51:52.0437 5184 ssecmdfl - ok
15:51:52.0453 5184 [ 1C559A3E8DE75D68603ED6BFCF7449CF ] ssecmdm C:\WINDOWS\system32\DRIVERS\ssecmdm.sys
15:51:52.0468 5184 ssecmdm - ok
15:51:52.0500 5184 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
15:51:52.0609 5184 StillCam - ok
15:51:52.0640 5184 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:51:52.0781 5184 stisvc - ok
15:51:52.0796 5184 [ 8AFA1B80366276F8345A6B61E0DF2F3E ] stmtpm C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
15:51:52.0828 5184 stmtpm - ok
15:51:52.0843 5184 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:51:52.0968 5184 streamip - ok
15:51:53.0015 5184 [ 422394FDF08173E04038781AEC0E447C ] STSService C:\Program Files\SoundTaxi Media Suite\STSService.exe
15:51:53.0031 5184 STSService ( UnsignedFile.Multi.Generic ) - warning
15:51:53.0031 5184 STSService - detected UnsignedFile.Multi.Generic (1)
15:51:53.0078 5184 [ ECD5A069C1A1F1E7A10E92DA0DB54D61 ] stunnel C:\Program Files\Stunnel\stunnel.exe
15:51:53.0078 5184 stunnel ( UnsignedFile.Multi.Generic ) - warning
15:51:53.0078 5184 stunnel - detected UnsignedFile.Multi.Generic (1)
15:51:53.0093 5184 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:51:53.0234 5184 swenum - ok
15:51:53.0250 5184 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:51:53.0375 5184 swmidi - ok
15:51:53.0390 5184 SwPrv - ok
15:51:53.0390 5184 SWVNIC - ok
15:51:53.0406 5184 symc810 - ok
15:51:53.0406 5184 symc8xx - ok
15:51:53.0421 5184 sym_hi - ok
15:51:53.0437 5184 sym_u3 - ok
15:51:53.0484 5184 [ 2185CC5BE9922562108CF87F42E4BBAF ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:51:53.0546 5184 SynTP - ok
15:51:53.0562 5184 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:51:53.0687 5184 sysaudio - ok
15:51:53.0718 5184 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:51:53.0859 5184 SysmonLog - ok
15:51:53.0875 5184 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:51:54.0015 5184 TapiSrv - ok
15:51:54.0046 5184 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:51:54.0078 5184 Tcpip - ok
15:51:54.0109 5184 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
15:51:54.0125 5184 TcUsb - ok
15:51:54.0140 5184 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:51:54.0265 5184 TDPIPE - ok
15:51:54.0296 5184 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\Drivers\TDSMAPI.SYS
15:51:54.0296 5184 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
15:51:54.0296 5184 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
15:51:54.0296 5184 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:51:54.0437 5184 TDTCP - ok
15:51:54.0453 5184 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:51:54.0578 5184 TermDD - ok
15:51:54.0609 5184 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:51:54.0750 5184 TermService - ok
15:51:54.0781 5184 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:51:54.0796 5184 Themes - ok
15:51:54.0796 5184 timounter - ok
15:51:54.0828 5184 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
15:51:54.0953 5184 TlntSvr - ok
15:51:55.0000 5184 [ 7B1EC7D932018CAE44DA2E2106CBEE44 ] ToolTipFixer C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
15:51:55.0015 5184 ToolTipFixer ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0015 5184 ToolTipFixer - detected UnsignedFile.Multi.Generic (1)
15:51:55.0015 5184 TosIde - ok
15:51:55.0031 5184 [ 17C902C6FD47E0DE6A29EA6312A41EEA ] Tp4Track C:\WINDOWS\system32\DRIVERS\tp4track.sys
15:51:55.0046 5184 Tp4Track ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0046 5184 Tp4Track - detected UnsignedFile.Multi.Generic (1)
15:51:55.0062 5184 [ C5DC9E462407B274B504DE2AA3220C2E ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
15:51:55.0078 5184 TPDIGIMN - ok
15:51:55.0093 5184 [ 4B2F57221E4CA268967EED0C4F2B7726 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
15:51:55.0109 5184 TPHDEXLGSVC - ok
15:51:55.0140 5184 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
15:51:55.0171 5184 TPHKDRV - ok
15:51:55.0218 5184 [ 1DBF0267CEBF80F0BD24DFE895367DB5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
15:51:55.0234 5184 TPHKLOAD - ok
15:51:55.0250 5184 [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:51:55.0265 5184 TPHKSVC - ok
15:51:55.0281 5184 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
15:51:55.0296 5184 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0296 5184 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
15:51:55.0312 5184 [ 8D6678AAAB7CA42A71999E7B931CDF1D ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
15:51:55.0328 5184 TPPWR ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0328 5184 TPPWR - detected UnsignedFile.Multi.Generic (1)
15:51:55.0343 5184 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:51:55.0484 5184 TrkWks - ok
15:51:55.0500 5184 [ 9016639C71328E4667D06119937AA20A ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
15:51:55.0515 5184 trufos - ok
15:51:55.0562 5184 [ F48BABF1CC195A33D3BC959A3478A8D1 ] ts_lb C:\WINDOWS\system32\drivers\ts_lb.sys
15:51:55.0578 5184 ts_lb - ok
15:51:55.0593 5184 tvMobiliService - ok
15:51:55.0609 5184 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:51:55.0750 5184 Udfs - ok
15:51:55.0750 5184 ultra - ok
15:51:55.0781 5184 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
15:51:55.0781 5184 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0781 5184 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
15:51:55.0875 5184 [ 2B971A72C0D6BD8A710E2748353773DD ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:51:55.0968 5184 UNS - ok
15:51:56.0000 5184 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:51:56.0140 5184 Update - ok
15:51:56.0203 5184 [ 3CC00597A30B23757AA23CB677918BEF ] Update Server C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
15:51:56.0218 5184 Update Server - ok
15:51:56.0281 5184 [ 03579BEC2E930B92EFD6D4E7F899CFF5 ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
15:51:56.0281 5184 UPDATESRV - ok
15:51:56.0312 5184 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe
15:51:56.0312 5184 UPHClean ( UnsignedFile.Multi.Generic ) - warning
15:51:56.0312 5184 UPHClean - detected UnsignedFile.Multi.Generic (1)
15:51:56.0359 5184 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:51:56.0500 5184 upnphost - ok
15:51:56.0515 5184 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:51:56.0640 5184 UPS - ok
15:51:56.0671 5184 [ EFFAF949D2E4026FB3A75689DF7CF01A ] USB-100 C:\WINDOWS\system32\DRIVERS\USBKR100.SYS
15:51:56.0687 5184 USB-100 ( UnsignedFile.Multi.Generic ) - warning
15:51:56.0687 5184 USB-100 - detected UnsignedFile.Multi.Generic (1)
15:51:56.0703 5184 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:51:56.0843 5184 usbaudio - ok
15:51:56.0859 5184 [ D9F3BB7C292F194F3B053CE295754EB8 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
15:51:56.0875 5184 usbbus ( UnsignedFile.Multi.Generic ) - warning
15:51:56.0875 5184 usbbus - detected UnsignedFile.Multi.Generic (1)
15:51:56.0890 5184 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:51:57.0015 5184 usbccgp - ok
15:51:57.0062 5184 [ C4F77DA649F99FAD116EA585376FC164 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
15:51:57.0078 5184 UsbDiag ( UnsignedFile.Multi.Generic ) - warning
15:51:57.0078 5184 UsbDiag - detected UnsignedFile.Multi.Generic (1)
15:51:57.0109 5184 [ A09173673303D72C64A16FB7FAC74BD1 ] USBDLM C:\Program Files\USBDLM\USBDLM.exe
15:51:57.0125 5184 USBDLM ( UnsignedFile.Multi.Generic ) - warning
15:51:57.0125 5184 USBDLM - detected UnsignedFile.Multi.Generic (1)
15:51:57.0140 5184 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:51:57.0281 5184 usbehci - ok
15:51:57.0296 5184 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:51:57.0437 5184 usbhub - ok
15:51:57.0437 5184 [ C0613CE45E617BC671DE8EBB1B30D175 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
15:51:57.0453 5184 USBModem ( UnsignedFile.Multi.Generic ) - warning
15:51:57.0453 5184 USBModem - detected UnsignedFile.Multi.Generic (1)
15:51:57.0453 5184 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:51:57.0593 5184 usbprint - ok
15:51:57.0593 5184 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:51:57.0734 5184 usbscan - ok
15:51:57.0750 5184 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:51:57.0875 5184 USBSTOR - ok
15:51:57.0875 5184 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:51:58.0000 5184 usbuhci - ok
15:51:58.0015 5184 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
15:51:58.0140 5184 usbvideo - ok
15:51:58.0203 5184 [ 71867D71C0D15CE63B8621DC41421F6F ] uvnc_service C:\Program Files\UltraVNC\WinVNC.exe
15:51:58.0312 5184 uvnc_service - ok
15:51:58.0343 5184 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:51:58.0468 5184 VgaSave - ok
15:51:58.0468 5184 ViaIde - ok
15:51:58.0500 5184 [ 303F1100F686453DE134FE9DEBB431FC ] vmfilter323 C:\WINDOWS\system32\drivers\vmfilter323.sys
15:51:58.0687 5184 vmfilter323 - ok
15:51:58.0703 5184 [ B67632451F760797BB183E1FB99F4B39 ] vnccom C:\WINDOWS\system32\Drivers\vnccom.SYS
15:51:58.0703 5184 vnccom ( UnsignedFile.Multi.Generic ) - warning
15:51:58.0703 5184 vnccom - detected UnsignedFile.Multi.Generic (1)
15:51:58.0718 5184 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
15:51:58.0734 5184 vncdrv ( UnsignedFile.Multi.Generic ) - warning
15:51:58.0734 5184 vncdrv - detected UnsignedFile.Multi.Generic (1)
15:51:58.0734 5184 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:51:58.0875 5184 VolSnap - ok
15:51:58.0906 5184 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:51:59.0031 5184 VSS - ok
15:51:59.0046 5184 VSSERV - ok
15:51:59.0062 5184 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:51:59.0203 5184 W32Time - ok
15:51:59.0234 5184 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:51:59.0359 5184 Wanarp - ok
15:51:59.0375 5184 [ 4C0B8EF721783F52F8E531FBDC4B1F74 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:51:59.0500 5184 wceusbsh - ok
15:51:59.0531 5184 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:51:59.0562 5184 Wdf01000 - ok
15:51:59.0578 5184 WDICA - ok
15:51:59.0593 5184 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:51:59.0718 5184 wdmaud - ok
15:51:59.0734 5184 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:51:59.0890 5184 WebClient - ok
15:51:59.0921 5184 [ 9AD66687D0753B14E24CC2D4982927B7 ] WebDriveFSD C:\Program Files\WebDrive\wdfsd.sys
15:51:59.0937 5184 WebDriveFSD - ok
15:51:59.0984 5184 [ 6820484B9C655B0F7C780CC3C557F516 ] WebDriveService C:\Program Files\WebDrive\wdService.exe
15:52:00.0062 5184 WebDriveService - ok
15:52:00.0093 5184 [ E08CA06BD56B66D6565123445ADB37A6 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:52:00.0140 5184 winachsf - ok
15:52:00.0187 5184 [ 451F905BC7BFF9E1CFF2E7AE76196B2C ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
15:52:00.0218 5184 WinDriver6 - ok
15:52:00.0265 5184 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:52:00.0421 5184 winmgmt - ok
15:52:00.0453 5184 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:52:00.0468 5184 WinUSB - ok
15:52:00.0515 5184 [ DDA0A4CCAA58CFD178771F268E23F88C ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
15:52:00.0546 5184 WLANKEEPER - ok
15:52:00.0562 5184 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:52:00.0593 5184 WmdmPmSN - ok
15:52:00.0640 5184 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:52:00.0687 5184 Wmi - ok
15:52:00.0718 5184 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:52:00.0859 5184 WmiAcpi - ok
15:52:00.0890 5184 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:52:01.0046 5184 WmiApSrv - ok
15:52:01.0078 5184 [ BE35756C940B30B8C173E910EECE175B ] wovad_micarray C:\WINDOWS\system32\drivers\womic.sys
15:52:01.0093 5184 wovad_micarray ( UnsignedFile.Multi.Generic ) - warning
15:52:01.0093 5184 wovad_micarray - detected UnsignedFile.Multi.Generic (1)
15:52:01.0109 5184 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:52:01.0125 5184 WpdUsb - ok
15:52:01.0218 5184 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:52:01.0265 5184 WPFFontCache_v0400 - ok
15:52:01.0296 5184 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:52:01.0437 5184 WS2IFSL - ok
15:52:01.0468 5184 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:52:01.0625 5184 wscsvc - ok
15:52:01.0640 5184 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:52:01.0812 5184 WSTCODEC - ok
15:52:01.0843 5184 [ D29AD7484B98279ED21877DE051A180F ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:52:01.0906 5184 wuauserv - ok
15:52:01.0921 5184 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:52:01.0968 5184 WudfPf - ok
15:52:01.0968 5184 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:52:01.0984 5184 WudfRd - ok
15:52:02.0000 5184 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:52:02.0031 5184 WudfSvc - ok
15:52:02.0062 5184 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:52:02.0234 5184 WZCSVC - ok
15:52:02.0250 5184 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:52:02.0406 5184 xmlprov - ok
15:52:02.0437 5184 [ 53E9AE94C9F8D0CB29BAC368A2DE0AD2 ] ZSMC326 C:\WINDOWS\system32\Drivers\usbvm323.sys
15:52:02.0453 5184 ZSMC326 - ok
15:52:02.0500 5184 ================ Scan global ===============================
15:52:02.0515 5184 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:52:02.0546 5184 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:52:02.0578 5184 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:52:02.0593 5184 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:52:02.0593 5184 [Global] - ok
15:52:02.0593 5184 ================ Scan MBR ==================================
15:52:02.0609 5184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:52:03.0171 5184 \Device\Harddisk0\DR0 - ok
15:52:03.0171 5184 ================ Scan VBR ==================================
15:52:03.0187 5184 [ 20B5E3FEAF69D067F2BCD754E6238689 ] \Device\Harddisk0\DR0\Partition1
15:52:03.0187 5184 \Device\Harddisk0\DR0\Partition1 - ok
15:52:03.0203 5184 [ 627D700195F48507B6C3B345B6EC8843 ] \Device\Harddisk0\DR0\Partition2
15:52:03.0203 5184 \Device\Harddisk0\DR0\Partition2 - ok
15:52:03.0218 5184 [ 6986BB08000E1D5DFD001F32E770BA48 ] \Device\Harddisk0\DR0\Partition3
15:52:03.0234 5184 \Device\Harddisk0\DR0\Partition3 - ok
15:52:03.0234 5184 ============================================================
15:52:03.0234 5184 Scan finished
15:52:03.0234 5184 ============================================================
15:52:03.0359 5208 Detected object count: 51
15:52:03.0359 5208 Actual detected object count: 51
15:53:36.0671 5208 AgereSoftModem ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0671 5208 AgereSoftModem ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0671 5208 AnyDVD ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0671 5208 AnyDVD ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0687 5208 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0687 5208 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0687 5208 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0687 5208 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0687 5208 Cwbrxd ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0687 5208 Cwbrxd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0703 5208 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0703 5208 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0703 5208 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0703 5208 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0703 5208 FJTWMKSV ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0703 5208 FJTWMKSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0718 5208 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0718 5208 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0718 5208 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0718 5208 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0718 5208 hmonitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0718 5208 hmonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0734 5208 hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0734 5208 hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0734 5208 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0734 5208 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0734 5208 Intuit Entitlement Service v6.0 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0734 5208 Intuit Entitlement Service v6.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0750 5208 mamotou ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0750 5208 mamotou ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0750 5208 MaVctrl ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0750 5208 MaVctrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0750 5208 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0750 5208 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0765 5208 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0765 5208 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0765 5208 nltdi ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0765 5208 nltdi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0765 5208 PCAMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0765 5208 PCAMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0781 5208 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0781 5208 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0781 5208 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0781 5208 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0781 5208 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0781 5208 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0796 5208 psadd ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0796 5208 psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0796 5208 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0796 5208 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0796 5208 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0796 5208 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 rpm ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 rpm ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 smbusp ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 smbusp ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SMDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SMDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SMServer ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SMServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SndTAudio ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SndTAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SolutoRemoteService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SolutoRemoteService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 STSService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 STSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 stunnel ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 stunnel ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 ToolTipFixer ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 ToolTipFixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 Tp4Track ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 Tp4Track ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 TPPWR ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 TPPWR ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 USB-100 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 USB-100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 usbbus ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 usbbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 UsbDiag ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 UsbDiag ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 USBDLM ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 USBDLM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 USBModem ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 USBModem ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 vnccom ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 wovad_micarray ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 wovad_micarray ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6
docfxit

15:50:29.0812 5104 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:50:30.0359 5104 ============================================================
15:50:30.0359 5104 Current date / time: 2013/01/27 15:50:30.0359
15:50:30.0359 5104 SystemInfo:
15:50:30.0359 5104
15:50:30.0359 5104 OS Version: 5.1.2600 ServicePack: 3.0
15:50:30.0359 5104 Product type: Workstation
15:50:30.0359 5104 ComputerName: DOCFXITLT
15:50:30.0359 5104 UserName: Gary
15:50:30.0359 5104 Windows directory: C:\WINDOWS
15:50:30.0359 5104 System windows directory: C:\WINDOWS
15:50:30.0359 5104 Processor architecture: Intel x86
15:50:30.0359 5104 Number of processors: 4
15:50:30.0359 5104 Page size: 0x1000
15:50:30.0359 5104 Boot type: Normal boot
15:50:30.0359 5104 ============================================================
15:50:31.0390 5104 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:50:31.0390 5104 ============================================================
15:50:31.0390 5104 \Device\Harddisk0\DR0:
15:50:31.0390 5104 MBR partitions:
15:50:31.0390 5104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x190882D1
15:50:31.0390 5104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19088310, BlocksNum 0x8C54C40
15:50:31.0390 5104 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21CDD000, BlocksNum 0x186A8800
15:50:31.0390 5104 ============================================================
15:50:31.0421 5104 C: <-> \Device\Harddisk0\DR0\Partition1
15:50:31.0453 5104 D: <-> \Device\Harddisk0\DR0\Partition3
15:50:31.0500 5104 F: <-> \Device\Harddisk0\DR0\Partition2
15:50:31.0500 5104 ============================================================
15:50:31.0500 5104 Initialize success
15:50:31.0500 5104 ============================================================
15:51:10.0296 5184 ============================================================
15:51:10.0296 5184 Scan started
15:51:10.0296 5184 Mode: Manual; SigCheck; TDLFS;
15:51:10.0296 5184 ============================================================
15:51:10.0625 5184 ================ Scan system memory ========================
15:51:11.0218 5184 System memory - ok
15:51:11.0218 5184 ================ Scan services =============================
15:51:11.0359 5184 [ A6FF6799B541BACB73C69269F4BF326D ] 5U877 C:\WINDOWS\system32\DRIVERS\5U877.sys
15:51:11.0640 5184 5U877 - ok
15:51:11.0640 5184 Abiosdsk - ok
15:51:11.0656 5184 abp480n5 - ok
15:51:11.0687 5184 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:51:11.0906 5184 ACPI - ok
15:51:11.0921 5184 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:51:12.0031 5184 ACPIEC - ok
15:51:12.0062 5184 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
15:51:12.0078 5184 adfs - ok
15:51:12.0078 5184 adpu160m - ok
15:51:12.0078 5184 aeaudio - ok
15:51:12.0109 5184 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:51:12.0250 5184 aec - ok
15:51:12.0265 5184 [ 2722F2BEDF14C4F7A2EBB4B468892F68 ] AEIWL C:\WINDOWS\system32\DRIVERS\AEIWLNDS.sys
15:51:12.0296 5184 AEIWL - ok
15:51:12.0328 5184 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:51:12.0343 5184 AFD - ok
15:51:12.0390 5184 [ 9B0295DDE5E9DE149593B5279353DBEB ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:51:12.0437 5184 AgereSoftModem ( UnsignedFile.Multi.Generic ) - warning
15:51:12.0437 5184 AgereSoftModem - detected UnsignedFile.Multi.Generic (1)
15:51:12.0453 5184 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:51:12.0593 5184 agp440 - ok
15:51:12.0593 5184 Aha154x - ok
15:51:12.0593 5184 aic78u2 - ok
15:51:12.0609 5184 aic78xx - ok
15:51:12.0640 5184 [ CB5A5079744A0535416D3A5E462C5EFE ] aksfridge C:\WINDOWS\system32\drivers\aksfridge.sys
15:51:12.0687 5184 aksfridge - ok
15:51:12.0718 5184 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:51:12.0875 5184 Alerter - ok
15:51:12.0890 5184 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:51:13.0031 5184 ALG - ok
15:51:13.0031 5184 AliIde - ok
15:51:13.0046 5184 amsint - ok
15:51:13.0062 5184 [ D1FC4AC47A26D5B666654258126540D9 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
15:51:13.0062 5184 AnyDVD ( UnsignedFile.Multi.Generic ) - warning
15:51:13.0062 5184 AnyDVD - detected UnsignedFile.Multi.Generic (1)
15:51:13.0125 5184 [ 1961CB10BB48EB4D97E37DB6373E9E63 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
15:51:13.0125 5184 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
15:51:13.0125 5184 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
15:51:13.0156 5184 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:51:13.0296 5184 AppMgmt - ok
15:51:13.0312 5184 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:51:13.0437 5184 Arp1394 - ok
15:51:13.0453 5184 asc - ok
15:51:13.0453 5184 asc3350p - ok
15:51:13.0453 5184 asc3550 - ok
15:51:13.0546 5184 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:51:13.0562 5184 aspnet_state - ok
15:51:13.0578 5184 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:51:13.0718 5184 AsyncMac - ok
15:51:13.0750 5184 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:51:13.0890 5184 atapi - ok
15:51:13.0890 5184 Atdisk - ok
15:51:13.0921 5184 [ BF997DFD2969902D9F7B983C1BA95811 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
15:51:13.0937 5184 Ati HotKey Poller - ok
15:51:13.0984 5184 [ 5719F857136EE618F6EC7A5CCD9FB7AB ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:51:14.0062 5184 ati2mtag - ok
15:51:14.0078 5184 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:51:14.0218 5184 Atmarpc - ok
15:51:14.0250 5184 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:51:14.0390 5184 AudioSrv - ok
15:51:14.0406 5184 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:51:14.0531 5184 audstub - ok
15:51:14.0546 5184 [ 9AD5AA947569DB289CE81B1B1D47BA00 ] avc3 C:\WINDOWS\system32\DRIVERS\avc3.sys
15:51:14.0609 5184 avc3 - ok
15:51:14.0640 5184 [ 7F9B99B564E7C9FBB6729ED95B5BBB24 ] avchv C:\WINDOWS\system32\DRIVERS\avchv.sys
15:51:14.0656 5184 avchv - ok
15:51:14.0703 5184 [ 44A93102C687D6A491902F52B60CD4D2 ] avckf C:\WINDOWS\system32\DRIVERS\avckf.sys
15:51:14.0734 5184 avckf - ok
15:51:14.0765 5184 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
15:51:14.0765 5184 BANTExt ( UnsignedFile.Multi.Generic ) - warning
15:51:14.0765 5184 BANTExt - detected UnsignedFile.Multi.Generic (1)
15:51:14.0781 5184 [ 5EF7AC38B4A7DC80860D7FFAFAC78C36 ] bdfsfltr C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
15:51:14.0796 5184 bdfsfltr - ok
15:51:14.0859 5184 [ F7D825F7E47D8A7865F5D2156B1B7A24 ] bdftdif C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
15:51:14.0875 5184 bdftdif - ok
15:51:14.0906 5184 [ E260C0079B5C1107B87E98F356292004 ] bdsandbox C:\WINDOWS\system32\drivers\bdsandbox.sys
15:51:14.0906 5184 bdsandbox - ok
15:51:14.0937 5184 [ A9A33963C8358979827D1A75B20C0423 ] bdselfpr C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys
15:51:14.0968 5184 bdselfpr - ok
15:51:14.0984 5184 [ 375CD0B9F433465EC6F50D4DF44E9448 ] BDVEDISK C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
15:51:15.0000 5184 BDVEDISK - ok
15:51:15.0031 5184 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:51:15.0156 5184 Beep - ok
15:51:15.0187 5184 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:51:15.0406 5184 BITS - ok
15:51:15.0421 5184 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:51:15.0453 5184 Browser - ok
15:51:15.0484 5184 [ 9E8CF88D340E32FCB3C53955B2DF388F ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
15:51:15.0500 5184 btaudio - ok
15:51:15.0515 5184 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
15:51:15.0531 5184 BTDriver - ok
15:51:15.0578 5184 [ D26B5B9A40A2B2191B35C76D5CBF5D2A ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:51:15.0625 5184 BTKRNL - ok
15:51:15.0687 5184 [ C261E704B5558BA04DD643A0D998327D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
15:51:15.0718 5184 btwdins - ok
15:51:15.0734 5184 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
15:51:15.0750 5184 BTWDNDIS - ok
15:51:15.0765 5184 [ C51D50CF24DA69A9C499E65B0EDB3BB7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
15:51:15.0781 5184 btwhid - ok
15:51:15.0796 5184 [ 7696F6F2E63086EEEDB76B71BB7BB455 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
15:51:15.0796 5184 BTWUSB - ok
15:51:15.0812 5184 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:51:15.0953 5184 cbidf2k - ok
15:51:15.0968 5184 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:51:16.0109 5184 CCDECODE - ok
15:51:16.0125 5184 cd20xrnt - ok
15:51:16.0125 5184 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:51:16.0265 5184 Cdaudio - ok
15:51:16.0281 5184 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:51:16.0437 5184 Cdfs - ok
15:51:16.0484 5184 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:51:16.0640 5184 Cdrom - ok
15:51:16.0640 5184 Changer - ok
15:51:16.0812 5184 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
15:51:16.0984 5184 cisvc - ok
15:51:17.0078 5184 [ 6C99DE57C87D6F3EE85998A7E49F7BF9 ] CLDTVHNService C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
15:51:17.0093 5184 CLDTVHNService - ok
15:51:17.0125 5184 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:51:17.0281 5184 ClipSrv - ok
15:51:17.0312 5184 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:51:17.0328 5184 clr_optimization_v2.0.50727_32 - ok
15:51:17.0343 5184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:51:17.0359 5184 clr_optimization_v4.0.30319_32 - ok
15:51:17.0390 5184 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:51:17.0546 5184 CmBatt - ok
15:51:17.0546 5184 CmdIde - ok
15:51:17.0593 5184 [ CCE576878D626AE07F6932DF57503CED ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDAU32.sys
15:51:17.0671 5184 CnxtHdAudService - ok
15:51:17.0718 5184 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:51:17.0859 5184 Compbatt - ok
15:51:17.0859 5184 COMSysApp - ok
15:51:17.0875 5184 Cpqarray - ok
15:51:17.0906 5184 [ 96EBCE6B6579A4AAC2C5A82F93CA3A52 ] CprDrvr C:\WINDOWS\system32\DRIVERS\CprDrvr.sys
15:51:17.0921 5184 CprDrvr - ok
15:51:17.0953 5184 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:51:17.0968 5184 cpudrv - ok
15:51:17.0984 5184 [ 743C403D20A89DB5ED84C874768B7119 ] cpuz133 C:\WINDOWS\system32\drivers\cpuz133_x32.sys
15:51:18.0000 5184 cpuz133 - ok
15:51:18.0015 5184 cpuz135 - ok
15:51:18.0015 5184 cpuz136 - ok
15:51:18.0031 5184 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:51:18.0171 5184 CryptSvc - ok
15:51:18.0187 5184 [ 9149AE69296322678AE3AD5D2BFB88BC ] CV2K1 C:\WINDOWS\system32\DRIVERS\cv2k1.sys
15:51:18.0203 5184 CV2K1 - ok
15:51:18.0234 5184 [ 57015A01DFE25DB151C0CD5A548B796F ] Cwbrxd C:\WINDOWS\CWBRXD.EXE
15:51:18.0234 5184 Cwbrxd ( UnsignedFile.Multi.Generic ) - warning
15:51:18.0234 5184 Cwbrxd - detected UnsignedFile.Multi.Generic (1)
15:51:18.0234 5184 dac2w2k - ok
15:51:18.0250 5184 dac960nt - ok
15:51:18.0281 5184 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:51:18.0468 5184 DcomLaunch - ok
15:51:18.0484 5184 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:51:18.0640 5184 Dhcp - ok
15:51:18.0656 5184 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:51:18.0796 5184 Disk - ok
15:51:18.0812 5184 dmadmin - ok
15:51:18.0812 5184 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:51:19.0000 5184 dmboot - ok
15:51:19.0000 5184 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
15:51:19.0156 5184 dmio - ok
15:51:19.0156 5184 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:51:19.0281 5184 dmload - ok
15:51:19.0312 5184 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:51:19.0437 5184 dmserver - ok
15:51:19.0453 5184 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:51:19.0609 5184 DMusic - ok
15:51:19.0609 5184 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
15:51:19.0625 5184 DNE - ok
15:51:19.0640 5184 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:51:19.0656 5184 Dnscache - ok
15:51:19.0687 5184 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:51:19.0828 5184 Dot3svc - ok
15:51:19.0828 5184 dpti2o - ok
15:51:19.0843 5184 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:51:19.0968 5184 drmkaud - ok
15:51:20.0000 5184 DUMeterSvc - ok
15:51:20.0015 5184 [ FAE8B6B311F898DF3D19BC638E980CA5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:51:20.0062 5184 E100B - ok
15:51:20.0093 5184 [ 361F5D93D53B46E34EF1823259C37328 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
15:51:20.0109 5184 e1kexpress - ok
15:51:20.0125 5184 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:51:20.0265 5184 EapHost - ok
15:51:20.0281 5184 [ FADE3C8099D7570C090738453D29123E ] EGATHDRV C:\WINDOWS\System32\EGATHDRV.SYS
15:51:20.0296 5184 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
15:51:20.0296 5184 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
15:51:20.0328 5184 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:51:20.0468 5184 ERSvc - ok
15:51:20.0500 5184 [ C2370B7A25174C0FB8FB10A19E091B46 ] EterlogicVirtualSerialDriver C:\WINDOWS\system32\drivers\VSPE.sys
15:51:20.0500 5184 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - warning
15:51:20.0500 5184 EterlogicVirtualSerialDriver - detected UnsignedFile.Multi.Generic (1)
15:51:20.0531 5184 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:51:20.0562 5184 Eventlog - ok
15:51:20.0593 5184 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:51:20.0625 5184 EventSystem - ok
15:51:20.0703 5184 [ 7635B73FEC87F78E3A2D7ABAA5AC89B0 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:51:20.0750 5184 EvtEng - ok
15:51:20.0781 5184 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:51:20.0921 5184 Fastfat - ok
15:51:20.0953 5184 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:51:21.0000 5184 FastUserSwitchingCompatibility - ok
15:51:21.0015 5184 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:51:21.0156 5184 Fdc - ok
15:51:21.0156 5184 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:51:21.0296 5184 Fips - ok
15:51:21.0359 5184 [ C87B91DC6C2E3965B107FCC9985DA1E4 ] FJTWMKSV C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
15:51:21.0359 5184 FJTWMKSV ( UnsignedFile.Multi.Generic ) - warning
15:51:21.0359 5184 FJTWMKSV - detected UnsignedFile.Multi.Generic (1)
15:51:21.0406 5184 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:51:21.0468 5184 FLEXnet Licensing Service - ok
15:51:21.0468 5184 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:51:21.0625 5184 Flpydisk - ok
15:51:21.0625 5184 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:51:21.0765 5184 FltMgr - ok
15:51:21.0828 5184 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:51:21.0843 5184 FontCache3.0.0.0 - ok
15:51:21.0859 5184 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:51:21.0984 5184 Fs_Rec - ok
15:51:22.0000 5184 [ B283F1BC1FF852BD232449A4B3E3CE63 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
15:51:22.0015 5184 FTDIBUS - ok
15:51:22.0046 5184 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:51:22.0171 5184 Ftdisk - ok
15:51:22.0187 5184 [ 678A73F56DDF84A08C31123C386E9967 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
15:51:22.0187 5184 FTSER2K - ok
15:51:22.0203 5184 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
15:51:22.0203 5184 giveio ( UnsignedFile.Multi.Generic ) - warning
15:51:22.0203 5184 giveio - detected UnsignedFile.Multi.Generic (1)
15:51:22.0218 5184 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:51:22.0343 5184 Gpc - ok
15:51:22.0390 5184 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:51:22.0406 5184 gupdate - ok
15:51:22.0406 5184 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:51:22.0421 5184 gupdatem - ok
15:51:22.0453 5184 [ 9DE9A7A19195C57EF38B4EE25422F2D7 ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys
15:51:22.0484 5184 Hardlock - ok
15:51:22.0500 5184 hasplms - ok
15:51:22.0515 5184 [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
15:51:22.0531 5184 Haspnt ( UnsignedFile.Multi.Generic ) - warning
15:51:22.0531 5184 Haspnt - detected UnsignedFile.Multi.Generic (1)
15:51:22.0546 5184 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:51:22.0687 5184 HDAudBus - ok
15:51:22.0703 5184 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
15:51:22.0750 5184 HECI - ok
15:51:22.0796 5184 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:51:22.0937 5184 helpsvc - ok
15:51:22.0968 5184 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:51:23.0109 5184 HidServ - ok
15:51:23.0140 5184 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:51:23.0281 5184 HidUsb - ok
15:51:23.0312 5184 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:51:23.0437 5184 hkmsvc - ok
15:51:23.0468 5184 [ EA86B5A4909002DF55441D20B9401522 ] hmonitor C:\WINDOWS\system32\drivers\hmonitor.sys
15:51:23.0468 5184 hmonitor ( UnsignedFile.Multi.Generic ) - warning
15:51:23.0468 5184 hmonitor - detected UnsignedFile.Multi.Generic (1)
15:51:23.0468 5184 hpn - ok
15:51:23.0484 5184 hpt3xx - ok
15:51:23.0500 5184 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:51:23.0546 5184 HPZid412 - ok
15:51:23.0562 5184 [ 0D13842210353435FC1FB35CA7807644 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:51:23.0593 5184 HSFHWAZL - ok
15:51:23.0609 5184 [ 8BC605518B1052DB7011E5C4CC8417BF ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:51:23.0671 5184 HSF_DPV - ok
15:51:23.0703 5184 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:51:23.0718 5184 HTTP - ok
15:51:23.0750 5184 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:51:23.0890 5184 HTTPFilter - ok
15:51:23.0890 5184 HWiNFO32 - ok
15:51:23.0906 5184 [ 448BB2FE30F1DDE9EAA4F0E87B52B687 ] hwinterface C:\WINDOWS\system32\Drivers\hwinterface.sys
15:51:23.0906 5184 hwinterface ( UnsignedFile.Multi.Generic ) - warning
15:51:23.0906 5184 hwinterface - detected UnsignedFile.Multi.Generic (1)
15:51:23.0921 5184 i2omgmt - ok
15:51:23.0921 5184 i2omp - ok
15:51:23.0953 5184 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:51:24.0093 5184 i8042prt - ok
15:51:24.0125 5184 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\WINDOWS\system32\Drivers\iaStor.sys
15:51:24.0156 5184 iaStor - ok
15:51:24.0187 5184 [ FA3D0A6DA7BB7968EFE5C5BC267F0E55 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:51:24.0187 5184 IBMPMDRV - ok
15:51:24.0218 5184 [ 495F184A29B80B51735BCEE91D84FE8F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
15:51:24.0218 5184 IBMPMSVC - ok
15:51:24.0265 5184 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:51:24.0281 5184 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:51:24.0281 5184 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:51:24.0312 5184 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:51:24.0375 5184 idsvc - ok
15:51:24.0390 5184 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:51:24.0531 5184 Imapi - ok
15:51:24.0562 5184 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:51:24.0703 5184 ImapiService - ok
15:51:24.0718 5184 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys
15:51:24.0750 5184 Impcd - ok
15:51:24.0750 5184 ini910u - ok
15:51:24.0781 5184 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:51:24.0921 5184 IntelIde - ok
15:51:24.0937 5184 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:51:25.0062 5184 intelppm - ok
15:51:25.0140 5184 [ D057DF46B913AC54200DFD0EDB2909CE ] Intuit Entitlement Service v6.0 C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
15:51:25.0140 5184 Intuit Entitlement Service v6.0 ( UnsignedFile.Multi.Generic ) - warning
15:51:25.0140 5184 Intuit Entitlement Service v6.0 - detected UnsignedFile.Multi.Generic (1)
15:51:25.0187 5184 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
15:51:25.0203 5184 IntuitUpdateService - ok
15:51:25.0218 5184 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
15:51:25.0234 5184 IntuitUpdateServiceV4 - ok
15:51:25.0234 5184 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:51:25.0359 5184 ip6fw - ok
15:51:25.0375 5184 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:51:25.0484 5184 IpFilterDriver - ok
15:51:25.0500 5184 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:51:25.0625 5184 IpInIp - ok
15:51:25.0656 5184 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:51:25.0781 5184 IpNat - ok
15:51:25.0796 5184 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:51:25.0937 5184 IPSec - ok
15:51:25.0937 5184 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
15:51:26.0062 5184 irda - ok
15:51:26.0078 5184 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:51:26.0203 5184 IRENUM - ok
15:51:26.0234 5184 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
15:51:26.0359 5184 Irmon - ok
15:51:26.0375 5184 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:51:26.0515 5184 isapnp - ok
15:51:26.0562 5184 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:51:26.0578 5184 JavaQuickStarterService - ok
15:51:26.0593 5184 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:51:26.0734 5184 Kbdclass - ok
15:51:26.0734 5184 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:51:26.0875 5184 kbdhid - ok
15:51:26.0890 5184 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:51:27.0015 5184 kmixer - ok
15:51:27.0046 5184 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:51:27.0062 5184 KSecDD - ok
15:51:27.0093 5184 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:51:27.0125 5184 lanmanserver - ok
15:51:27.0140 5184 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:51:27.0171 5184 lanmanworkstation - ok
15:51:27.0187 5184 [ 12E54181D584F72296FD6EC72309BD94 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:51:27.0203 5184 LBeepKE - ok
15:51:27.0203 5184 lbrtfdc - ok
15:51:27.0265 5184 [ 54581F1B8A4B517040AD316E5C430A2C ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:51:27.0281 5184 LBTServ - ok
15:51:27.0328 5184 [ 8B5EB24FCE3926128138B769D50CEE1B ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
15:51:27.0343 5184 LENOVO.CAMMUTE - ok
15:51:27.0359 5184 [ 128158D8B1DF639BF3E3FDBCBB64CDAC ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:51:27.0375 5184 LENOVO.MICMUTE - ok
15:51:27.0406 5184 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
15:51:27.0406 5184 lenovo.smi - ok
15:51:27.0437 5184 [ 2A727534372EDE8C0A4EDB1F037A44BF ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
15:51:27.0437 5184 LEqdUsb - ok
15:51:27.0453 5184 [ 9C694DFC271AC043E4FA8DDF8BB4C57E ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
15:51:27.0468 5184 LHidEqd - ok
15:51:27.0484 5184 [ 5001C2B3557B53DED02ABED3BCC6FD2D ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:51:27.0500 5184 LHidFilt - ok
15:51:27.0531 5184 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:51:27.0656 5184 LmHosts - ok
15:51:27.0703 5184 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
15:51:27.0734 5184 LMIGuardianSvc - ok
15:51:27.0765 5184 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
15:51:27.0765 5184 LMIInfo - ok
15:51:27.0796 5184 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
15:51:27.0812 5184 LMIMaint - ok
15:51:27.0843 5184 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
15:51:27.0859 5184 lmimirr - ok
15:51:27.0859 5184 LMIRfsClientNP - ok
15:51:27.0875 5184 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
15:51:27.0890 5184 LMIRfsDriver - ok
15:51:27.0906 5184 [ 3AD9369E5D17014971A11728F198994C ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:51:27.0906 5184 LMouFilt - ok
15:51:27.0968 5184 [ 25884CA77F8D926B69167BC231D3726E ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:51:27.0984 5184 LMS - ok
15:51:28.0015 5184 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
15:51:28.0046 5184 LogMeIn - ok
15:51:28.0078 5184 [ A8E911E5B3F36080C71D30239D137A1A ] mamotou C:\WINDOWS\system32\DRIVERS\mamotou.sys
15:51:28.0093 5184 mamotou ( UnsignedFile.Multi.Generic ) - warning
15:51:28.0093 5184 mamotou - detected UnsignedFile.Multi.Generic (1)
15:51:28.0125 5184 [ 1B467FB39D6EE0E7F1970EEE5FC07121 ] MaVctrl C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
15:51:28.0125 5184 MaVctrl ( UnsignedFile.Multi.Generic ) - warning
15:51:28.0125 5184 MaVctrl - detected UnsignedFile.Multi.Generic (1)
15:51:28.0140 5184 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:51:28.0171 5184 mdmxsdk - ok
15:51:28.0187 5184 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:51:28.0312 5184 Messenger - ok
15:51:28.0343 5184 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:51:28.0453 5184 mnmdd - ok
15:51:28.0484 5184 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:51:28.0609 5184 mnmsrvc - ok
15:51:28.0609 5184 MNSFramework - ok
15:51:28.0625 5184 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:51:28.0765 5184 Modem - ok
15:51:28.0765 5184 motccgp - ok
15:51:28.0781 5184 motccgpfl - ok
15:51:28.0796 5184 MotDev - ok
15:51:28.0796 5184 motmodem - ok
15:51:28.0812 5184 motport - ok
15:51:28.0843 5184 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:51:28.0968 5184 Mouclass - ok
15:51:29.0046 5184 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:51:29.0156 5184 mouhid - ok
15:51:29.0171 5184 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:51:29.0312 5184 MountMgr - ok
15:51:29.0312 5184 mraid35x - ok
15:51:29.0328 5184 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:51:29.0453 5184 MRxDAV - ok
15:51:29.0484 5184 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:51:29.0515 5184 MRxSmb - ok
15:51:29.0546 5184 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:51:29.0671 5184 MSDTC - ok
15:51:29.0703 5184 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:51:29.0828 5184 Msfs - ok
15:51:29.0828 5184 MSIServer - ok
15:51:29.0843 5184 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:51:30.0000 5184 MSKSSRV - ok
15:51:30.0000 5184 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:51:30.0156 5184 MSPCLOCK - ok
15:51:30.0171 5184 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:51:30.0312 5184 MSPQM - ok
15:51:30.0328 5184 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:51:30.0468 5184 mssmbios - ok
15:51:30.0468 5184 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:51:30.0609 5184 MSTEE - ok
15:51:30.0640 5184 [ 00C7B2306F1CA5389A1AC6D1DF9C2E25 ] msvad_simple C:\WINDOWS\system32\drivers\povrtdev.sys
15:51:30.0656 5184 msvad_simple - ok
15:51:30.0671 5184 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:51:30.0687 5184 Mup - ok
15:51:30.0718 5184 [ DF934C2600AA8DED283BE4BC10E4B34F ] mv2 C:\WINDOWS\system32\DRIVERS\mv2.sys
15:51:30.0734 5184 mv2 - ok
15:51:30.0750 5184 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:51:30.0921 5184 NABTSFEC - ok
15:51:30.0953 5184 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:51:31.0125 5184 napagent - ok
15:51:31.0140 5184 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:51:31.0296 5184 NDIS - ok
15:51:31.0328 5184 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:51:31.0500 5184 NdisIP - ok
15:51:31.0515 5184 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:51:31.0546 5184 NdisTapi - ok
15:51:31.0578 5184 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:51:31.0734 5184 Ndisuio - ok
15:51:31.0734 5184 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:51:31.0875 5184 NdisWan - ok
15:51:31.0906 5184 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:51:31.0921 5184 NDProxy - ok
15:51:31.0984 5184 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:51:32.0000 5184 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:51:32.0000 5184 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:51:32.0031 5184 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:51:32.0187 5184 NetBIOS - ok
15:51:32.0218 5184 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:51:32.0390 5184 NetBT - ok
15:51:32.0421 5184 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:51:32.0593 5184 NetDDE - ok
15:51:32.0593 5184 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:51:32.0734 5184 NetDDEdsdm - ok
15:51:32.0750 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:51:32.0921 5184 Netlogon - ok
15:51:32.0968 5184 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:51:33.0109 5184 Netman - ok
15:51:33.0312 5184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:51:33.0328 5184 NetTcpPortSharing - ok
15:51:33.0765 5184 [ 731019BFF8E22E19A9A8857C3452F57C ] NETwNx32 C:\WINDOWS\system32\DRIVERS\Netwxn00.sys
15:51:35.0937 5184 NETwNx32 - ok
15:51:35.0953 5184 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:51:36.0093 5184 NIC1394 - ok
15:51:36.0140 5184 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:51:36.0203 5184 Nla - ok
15:51:36.0250 5184 [ C8F536FB328AFE64A7F18BBFC00B10EE ] nlsvc C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
15:51:36.0343 5184 nlsvc ( UnsignedFile.Multi.Generic ) - warning
15:51:36.0343 5184 nlsvc - detected UnsignedFile.Multi.Generic (1)
15:51:36.0359 5184 [ 3EE27BCFF781F07A12DF75E8BE852B0E ] nltdi C:\WINDOWS\system32\drivers\nltdi.sys
15:51:36.0406 5184 nltdi ( UnsignedFile.Multi.Generic ) - warning
15:51:36.0406 5184 nltdi - detected UnsignedFile.Multi.Generic (1)
15:51:36.0437 5184 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:51:36.0578 5184 nm - ok
15:51:36.0609 5184 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
15:51:36.0625 5184 NPF - ok
15:51:36.0656 5184 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:51:36.0828 5184 Npfs - ok
15:51:36.0859 5184 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
15:51:36.0984 5184 NSCIRDA - ok
15:51:37.0046 5184 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:51:37.0250 5184 Ntfs - ok
15:51:37.0593 5184 [ 8AD12622C7FA674CB9979E3448AB89C6 ] ntk_dtv C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys
15:51:37.0609 5184 ntk_dtv - ok
15:51:37.0625 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:51:37.0765 5184 NtLmSsp - ok
15:51:37.0828 5184 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:51:38.0015 5184 NtmsSvc - ok
15:51:38.0031 5184 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:51:38.0156 5184 Null - ok
15:51:38.0812 5184 [ ED45706A29E5592F328B7970206F31D4 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:51:40.0796 5184 nv - ok
15:51:40.0828 5184 [ 8EB410A64C86D51007687EE00BC2F912 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
15:51:40.0859 5184 NVHDA - ok
15:51:40.0906 5184 [ 3DE292C1AE616DFBBC12C89A1F730127 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
15:51:40.0937 5184 nvsvc - ok
15:51:40.0968 5184 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:51:41.0109 5184 NwlnkFlt - ok
15:51:41.0125 5184 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:51:41.0250 5184 NwlnkFwd - ok
15:51:41.0265 5184 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:51:41.0421 5184 ohci1394 - ok
15:51:41.0500 5184 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:41.0515 5184 ose - ok
15:51:41.0687 5184 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:51:41.0828 5184 Parport - ok
15:51:41.0843 5184 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:51:42.0000 5184 PartMgr - ok
15:51:42.0031 5184 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:51:42.0171 5184 ParVdm - ok
15:51:42.0218 5184 [ B935FC153DF18752402616BA8DBB867C ] PCAMPR5 C:\WINDOWS\system32\PCAMPR5.SYS
15:51:42.0234 5184 PCAMPR5 ( UnsignedFile.Multi.Generic ) - warning
15:51:42.0234 5184 PCAMPR5 - detected UnsignedFile.Multi.Generic (1)
15:51:42.0250 5184 [ 2F9806B52CB3748B1E49222744B28E3C ] PCANDIS5 C:\WINDOWS\system32\PCANDIS5.SYS
15:51:42.0250 5184 PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
15:51:42.0250 5184 PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
15:51:42.0296 5184 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:51:42.0421 5184 PCI - ok
15:51:42.0421 5184 PCIDump - ok
15:51:42.0453 5184 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:51:42.0593 5184 PCIIde - ok
15:51:42.0625 5184 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:51:42.0765 5184 Pcmcia - ok
15:51:42.0781 5184 PDCOMP - ok
15:51:42.0781 5184 PDFRAME - ok
15:51:42.0796 5184 PDRELI - ok
15:51:42.0796 5184 PDRFRAME - ok
15:51:42.0812 5184 perc2 - ok
15:51:42.0828 5184 perc2hib - ok
15:51:42.0875 5184 [ F9C143FABED28D30372CD5254B8557E6 ] phildecn C:\WINDOWS\system32\DRIVERS\phildecn.sys
15:51:42.0890 5184 phildecn - ok
15:51:42.0921 5184 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:51:42.0953 5184 PlugPlay - ok
15:51:42.0968 5184 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
15:51:42.0984 5184 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:51:42.0984 5184 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:51:43.0000 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:51:43.0156 5184 PolicyAgent - ok
15:51:43.0187 5184 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:51:43.0343 5184 PptpMiniport - ok
15:51:43.0359 5184 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:51:43.0484 5184 Processor - ok
15:51:43.0500 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:51:43.0625 5184 ProtectedStorage - ok
15:51:43.0656 5184 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\WINDOWS\System32\PSIService.exe
15:51:43.0671 5184 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
15:51:43.0671 5184 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
15:51:43.0687 5184 [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
15:51:43.0703 5184 psadd ( UnsignedFile.Multi.Generic ) - warning
15:51:43.0703 5184 psadd - detected UnsignedFile.Multi.Generic (1)
15:51:43.0718 5184 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:51:43.0734 5184 PSI_SVC_2 - ok
15:51:43.0765 5184 [ D7D37D6EB0EDC8F051E9E5C96FEE263A ] pssnap C:\WINDOWS\system32\DRIVERS\pssnap.sys
15:51:43.0765 5184 pssnap - ok
15:51:43.0781 5184 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:51:43.0890 5184 Ptilink - ok
15:51:43.0906 5184 [ 6C1B4DA4388BEFE2DD75875D5D743B43 ] pwdrvio C:\WINDOWS\system32\pwdrvio.sys
15:51:43.0921 5184 pwdrvio - ok
15:51:43.0937 5184 [ 2F59E9A21D6FAD7BC7E20BD1E9DE62BA ] pwdspio C:\WINDOWS\system32\pwdspio.sys
15:51:43.0968 5184 pwdspio - ok
15:51:44.0015 5184 [ 5D17052A59754A1C74DA571C27A0557E ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:51:44.0031 5184 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
15:51:44.0031 5184 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
15:51:44.0046 5184 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:51:44.0062 5184 QBFCService ( UnsignedFile.Multi.Generic ) - warning
15:51:44.0062 5184 QBFCService - detected UnsignedFile.Multi.Generic (1)
15:51:44.0140 5184 [ 131FA69F24175796380FA7D534A4B871 ] QBPOSDBServiceV9 C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe
15:51:44.0250 5184 QBPOSDBServiceV9 - ok
15:51:44.0296 5184 [ 25FC19BADF78B7FB1D835AAC4B0B91A5 ] QBVSS C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
15:51:44.0359 5184 QBVSS ( UnsignedFile.Multi.Generic ) - warning
15:51:44.0359 5184 QBVSS - detected UnsignedFile.Multi.Generic (1)
15:51:44.0359 5184 ql1080 - ok
15:51:44.0359 5184 Ql10wnt - ok
15:51:44.0375 5184 ql12160 - ok
15:51:44.0375 5184 ql1240 - ok
15:51:44.0375 5184 ql1280 - ok
15:51:44.0406 5184 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:51:44.0515 5184 RasAcd - ok
15:51:44.0546 5184 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:51:44.0687 5184 RasAuto - ok
15:51:44.0703 5184 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:51:44.0796 5184 Rasirda - ok
15:51:44.0812 5184 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:51:44.0937 5184 Rasl2tp - ok
15:51:44.0968 5184 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:51:45.0109 5184 RasMan - ok
15:51:45.0125 5184 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:51:45.0250 5184 RasPppoe - ok
15:51:45.0296 5184 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:51:45.0406 5184 Raspti - ok
15:51:45.0437 5184 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:51:45.0562 5184 Rdbss - ok
15:51:45.0593 5184 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:51:45.0718 5184 RDPCDD - ok
15:51:45.0718 5184 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:51:45.0859 5184 rdpdr - ok
15:51:45.0890 5184 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:51:45.0921 5184 RDPWD - ok
15:51:45.0937 5184 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:51:46.0078 5184 RDSessMgr - ok
15:51:46.0093 5184 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:51:46.0234 5184 redbook - ok
15:51:46.0281 5184 [ 805FF688F3C53AB8028B62CCA3BF4D63 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
15:51:46.0296 5184 ReflectService.exe - ok
15:51:46.0328 5184 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\WINDOWS\system32\drivers\regi.sys
15:51:46.0343 5184 regi - ok
15:51:46.0390 5184 [ 89D87FE52AF0D06B5E56C3517360CDD8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:51:46.0421 5184 RegSrvc - ok
15:51:46.0468 5184 [ 335ADC4CD25E3E08051B916746D1F600 ] Remark FTP Utility C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe
15:51:46.0468 5184 Remark FTP Utility - ok
15:51:46.0500 5184 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:51:46.0656 5184 RemoteAccess - ok
15:51:46.0671 5184 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:51:46.0812 5184 RemoteRegistry - ok
15:51:46.0828 5184 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
15:51:46.0843 5184 Revoflt - ok
15:51:46.0875 5184 [ 571E6AE8D33F6AAAF342D0919630F901 ] rimspci C:\WINDOWS\system32\DRIVERS\rimspe86.sys
15:51:46.0890 5184 rimspci - ok
15:51:46.0906 5184 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
15:51:47.0031 5184 ROOTMODEM - ok
15:51:47.0062 5184 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
15:51:47.0078 5184 rpcapd - ok
15:51:47.0109 5184 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:51:47.0234 5184 RpcLocator - ok
15:51:47.0296 5184 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:51:47.0328 5184 RpcSs - ok
15:51:48.0031 5184 [ AB913046C995F509BD8BD80C089EA48D ] rpm C:\Program Files\RPM\rpmsrv.exe
15:51:48.0187 5184 rpm ( UnsignedFile.Multi.Generic ) - warning
15:51:48.0187 5184 rpm - detected UnsignedFile.Multi.Generic (1)
15:51:48.0218 5184 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:51:48.0328 5184 RSVP - ok
15:51:48.0343 5184 RTL8187B - ok
15:51:48.0375 5184 [ BA11D5F61A74E156BF6F33DDDD1AD1CE ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
15:51:48.0406 5184 RTL8192su - ok
15:51:48.0500 5184 [ D272FC5581526D8D124C2A1B071FB3EF ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
15:51:48.0562 5184 S24EventMonitor - ok
15:51:48.0578 5184 [ 27FC71DA659305E260ACBDA15A318399 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:51:48.0593 5184 s24trans - ok
15:51:48.0609 5184 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:51:48.0734 5184 SamSs - ok
15:51:48.0765 5184 [ CA57D847403633D0D97114071B59C2B2 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
15:51:48.0796 5184 SbieDrv - ok
15:51:48.0843 5184 [ 5CC11034A2E22DFF623BC922090AEBAB ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
15:51:48.0859 5184 SbieSvc - ok
15:51:48.0890 5184 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:51:49.0031 5184 SCardSvr - ok
15:51:49.0062 5184 [ BC7C602A9202429D37CCD07E7EBB6404 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
15:51:49.0078 5184 SCDEmu - ok
15:51:49.0093 5184 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:51:49.0234 5184 Schedule - ok
15:51:49.0265 5184 [ D1FACB3C7D12F439C18EF01AA88C2A9D ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:51:49.0296 5184 sdbus - ok
15:51:49.0312 5184 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:51:49.0421 5184 Secdrv - ok
15:51:49.0437 5184 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:51:49.0937 5184 seclogon - ok
15:51:49.0953 5184 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:51:50.0078 5184 SENS - ok
15:51:50.0093 5184 [ FABB763BC9CACB020EB8E2F230AB8C66 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:51:50.0125 5184 Ser2pl - ok
15:51:50.0140 5184 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:51:50.0328 5184 serenum - ok
15:51:50.0343 5184 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:51:50.0468 5184 Serial - ok
15:51:50.0500 5184 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:51:50.0625 5184 Sfloppy - ok
15:51:50.0671 5184 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:51:50.0812 5184 SharedAccess - ok
15:51:50.0843 5184 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:51:50.0859 5184 ShellHWDetection - ok
15:51:50.0890 5184 [ BC31655A03D9E9ED6F7116BAFB9B38C7 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
15:51:50.0906 5184 Shockprf - ok
15:51:50.0906 5184 Simbad - ok
15:51:50.0937 5184 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:51:50.0953 5184 SkypeUpdate - ok
15:51:50.0968 5184 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:51:51.0093 5184 SLIP - ok
15:51:51.0125 5184 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
15:51:51.0125 5184 Smapint ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0125 5184 Smapint - detected UnsignedFile.Multi.Generic (1)
15:51:51.0156 5184 [ 9ACBC471D86ED01A6F6BF30394C8ACEF ] smbusp C:\WINDOWS\system32\DRIVERS\intelsmb.sys
15:51:51.0171 5184 smbusp ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0171 5184 smbusp - detected UnsignedFile.Multi.Generic (1)
15:51:51.0187 5184 [ BDC46E011B863B02607DF88771F9BC29 ] SMDRV C:\WINDOWS\system32\drivers\SMDRV.SYS
15:51:51.0187 5184 SMDRV ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0187 5184 SMDRV - detected UnsignedFile.Multi.Generic (1)
15:51:51.0218 5184 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
15:51:51.0234 5184 smihlp - ok
15:51:51.0265 5184 [ A247EF7B238795EBBC33744221A391DE ] SMServer C:\WINDOWS\system32\snmvtsvc.exe
15:51:51.0281 5184 SMServer ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0281 5184 SMServer - detected UnsignedFile.Multi.Generic (1)
15:51:51.0296 5184 smwdm - ok
15:51:51.0328 5184 [ DA44FCEBF4EFB826667ED1FAB6159BEA ] SndTAudio C:\WINDOWS\system32\drivers\SndTAudio.sys
15:51:51.0343 5184 SndTAudio ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0343 5184 SndTAudio - detected UnsignedFile.Multi.Generic (1)
15:51:51.0375 5184 [ FF35C2D01AC36B446A1B997F305F0FC2 ] Soluto C:\WINDOWS\system32\DRIVERS\Soluto.sys
15:51:51.0375 5184 Soluto - ok
15:51:51.0421 5184 [ 39D0BBAFB94DE8F1D14ABD575EA32381 ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
15:51:51.0437 5184 SolutoLauncherService - ok
15:51:51.0468 5184 [ BCA25A87AD78FEDAC5C5ABD92DB3BECD ] SolutoRemoteService C:\Program Files\Soluto\SolutoRemoteService.exe
15:51:51.0515 5184 SolutoRemoteService ( UnsignedFile.Multi.Generic ) - warning
15:51:51.0515 5184 SolutoRemoteService - detected UnsignedFile.Multi.Generic (1)
15:51:51.0546 5184 [ 34EB2B1D8BB151D10A3F189FE21C9A36 ] SolutoService C:\Program Files\Soluto\SolutoService.exe
15:51:51.0578 5184 SolutoService - ok
15:51:51.0578 5184 Sparrow - ok
15:51:51.0609 5184 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
15:51:51.0625 5184 speedfan - ok
15:51:51.0671 5184 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:51:51.0812 5184 splitter - ok
15:51:51.0828 5184 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:51:51.0859 5184 Spooler - ok
15:51:51.0890 5184 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:51:52.0015 5184 sr - ok
15:51:52.0046 5184 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:51:52.0187 5184 srservice - ok
15:51:52.0203 5184 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:51:52.0234 5184 Srv - ok
15:51:52.0250 5184 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:51:52.0390 5184 SSDPSRV - ok
15:51:52.0406 5184 [ FDAEB4E13915D9096E10A334318481EA ] ssecbus C:\WINDOWS\system32\DRIVERS\ssecbus.sys
15:51:52.0421 5184 ssecbus - ok
15:51:52.0421 5184 [ 58D6E84ECD0AB3B90702BE52ED8718C9 ] ssecmdfl C:\WINDOWS\system32\DRIVERS\ssecmdfl.sys
15:51:52.0437 5184 ssecmdfl - ok
15:51:52.0453 5184 [ 1C559A3E8DE75D68603ED6BFCF7449CF ] ssecmdm C:\WINDOWS\system32\DRIVERS\ssecmdm.sys
15:51:52.0468 5184 ssecmdm - ok
15:51:52.0500 5184 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
15:51:52.0609 5184 StillCam - ok
15:51:52.0640 5184 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:51:52.0781 5184 stisvc - ok
15:51:52.0796 5184 [ 8AFA1B80366276F8345A6B61E0DF2F3E ] stmtpm C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
15:51:52.0828 5184 stmtpm - ok
15:51:52.0843 5184 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:51:52.0968 5184 streamip - ok
15:51:53.0015 5184 [ 422394FDF08173E04038781AEC0E447C ] STSService C:\Program Files\SoundTaxi Media Suite\STSService.exe
15:51:53.0031 5184 STSService ( UnsignedFile.Multi.Generic ) - warning
15:51:53.0031 5184 STSService - detected UnsignedFile.Multi.Generic (1)
15:51:53.0078 5184 [ ECD5A069C1A1F1E7A10E92DA0DB54D61 ] stunnel C:\Program Files\Stunnel\stunnel.exe
15:51:53.0078 5184 stunnel ( UnsignedFile.Multi.Generic ) - warning
15:51:53.0078 5184 stunnel - detected UnsignedFile.Multi.Generic (1)
15:51:53.0093 5184 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:51:53.0234 5184 swenum - ok
15:51:53.0250 5184 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:51:53.0375 5184 swmidi - ok
15:51:53.0390 5184 SwPrv - ok
15:51:53.0390 5184 SWVNIC - ok
15:51:53.0406 5184 symc810 - ok
15:51:53.0406 5184 symc8xx - ok
15:51:53.0421 5184 sym_hi - ok
15:51:53.0437 5184 sym_u3 - ok
15:51:53.0484 5184 [ 2185CC5BE9922562108CF87F42E4BBAF ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:51:53.0546 5184 SynTP - ok
15:51:53.0562 5184 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:51:53.0687 5184 sysaudio - ok
15:51:53.0718 5184 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:51:53.0859 5184 SysmonLog - ok
15:51:53.0875 5184 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:51:54.0015 5184 TapiSrv - ok
15:51:54.0046 5184 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:51:54.0078 5184 Tcpip - ok
15:51:54.0109 5184 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
15:51:54.0125 5184 TcUsb - ok
15:51:54.0140 5184 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:51:54.0265 5184 TDPIPE - ok
15:51:54.0296 5184 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\Drivers\TDSMAPI.SYS
15:51:54.0296 5184 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
15:51:54.0296 5184 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
15:51:54.0296 5184 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:51:54.0437 5184 TDTCP - ok
15:51:54.0453 5184 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:51:54.0578 5184 TermDD - ok
15:51:54.0609 5184 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:51:54.0750 5184 TermService - ok
15:51:54.0781 5184 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:51:54.0796 5184 Themes - ok
15:51:54.0796 5184 timounter - ok
15:51:54.0828 5184 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
15:51:54.0953 5184 TlntSvr - ok
15:51:55.0000 5184 [ 7B1EC7D932018CAE44DA2E2106CBEE44 ] ToolTipFixer C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
15:51:55.0015 5184 ToolTipFixer ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0015 5184 ToolTipFixer - detected UnsignedFile.Multi.Generic (1)
15:51:55.0015 5184 TosIde - ok
15:51:55.0031 5184 [ 17C902C6FD47E0DE6A29EA6312A41EEA ] Tp4Track C:\WINDOWS\system32\DRIVERS\tp4track.sys
15:51:55.0046 5184 Tp4Track ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0046 5184 Tp4Track - detected UnsignedFile.Multi.Generic (1)
15:51:55.0062 5184 [ C5DC9E462407B274B504DE2AA3220C2E ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
15:51:55.0078 5184 TPDIGIMN - ok
15:51:55.0093 5184 [ 4B2F57221E4CA268967EED0C4F2B7726 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
15:51:55.0109 5184 TPHDEXLGSVC - ok
15:51:55.0140 5184 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
15:51:55.0171 5184 TPHKDRV - ok
15:51:55.0218 5184 [ 1DBF0267CEBF80F0BD24DFE895367DB5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
15:51:55.0234 5184 TPHKLOAD - ok
15:51:55.0250 5184 [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:51:55.0265 5184 TPHKSVC - ok
15:51:55.0281 5184 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
15:51:55.0296 5184 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0296 5184 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
15:51:55.0312 5184 [ 8D6678AAAB7CA42A71999E7B931CDF1D ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
15:51:55.0328 5184 TPPWR ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0328 5184 TPPWR - detected UnsignedFile.Multi.Generic (1)
15:51:55.0343 5184 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:51:55.0484 5184 TrkWks - ok
15:51:55.0500 5184 [ 9016639C71328E4667D06119937AA20A ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
15:51:55.0515 5184 trufos - ok
15:51:55.0562 5184 [ F48BABF1CC195A33D3BC959A3478A8D1 ] ts_lb C:\WINDOWS\system32\drivers\ts_lb.sys
15:51:55.0578 5184 ts_lb - ok
15:51:55.0593 5184 tvMobiliService - ok
15:51:55.0609 5184 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:51:55.0750 5184 Udfs - ok
15:51:55.0750 5184 ultra - ok
15:51:55.0781 5184 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
15:51:55.0781 5184 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
15:51:55.0781 5184 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
15:51:55.0875 5184 [ 2B971A72C0D6BD8A710E2748353773DD ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:51:55.0968 5184 UNS - ok
15:51:56.0000 5184 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:51:56.0140 5184 Update - ok
15:51:56.0203 5184 [ 3CC00597A30B23757AA23CB677918BEF ] Update Server C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
15:51:56.0218 5184 Update Server - ok
15:51:56.0281 5184 [ 03579BEC2E930B92EFD6D4E7F899CFF5 ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
15:51:56.0281 5184 UPDATESRV - ok
15:51:56.0312 5184 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe
15:51:56.0312 5184 UPHClean ( UnsignedFile.Multi.Generic ) - warning
15:51:56.0312 5184 UPHClean - detected UnsignedFile.Multi.Generic (1)
15:51:56.0359 5184 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:51:56.0500 5184 upnphost - ok
15:51:56.0515 5184 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:51:56.0640 5184 UPS - ok
15:51:56.0671 5184 [ EFFAF949D2E4026FB3A75689DF7CF01A ] USB-100 C:\WINDOWS\system32\DRIVERS\USBKR100.SYS
15:51:56.0687 5184 USB-100 ( UnsignedFile.Multi.Generic ) - warning
15:51:56.0687 5184 USB-100 - detected UnsignedFile.Multi.Generic (1)
15:51:56.0703 5184 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:51:56.0843 5184 usbaudio - ok
15:51:56.0859 5184 [ D9F3BB7C292F194F3B053CE295754EB8 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
15:51:56.0875 5184 usbbus ( UnsignedFile.Multi.Generic ) - warning
15:51:56.0875 5184 usbbus - detected UnsignedFile.Multi.Generic (1)
15:51:56.0890 5184 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:51:57.0015 5184 usbccgp - ok
15:51:57.0062 5184 [ C4F77DA649F99FAD116EA585376FC164 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
15:51:57.0078 5184 UsbDiag ( UnsignedFile.Multi.Generic ) - warning
15:51:57.0078 5184 UsbDiag - detected UnsignedFile.Multi.Generic (1)
15:51:57.0109 5184 [ A09173673303D72C64A16FB7FAC74BD1 ] USBDLM C:\Program Files\USBDLM\USBDLM.exe
15:51:57.0125 5184 USBDLM ( UnsignedFile.Multi.Generic ) - warning
15:51:57.0125 5184 USBDLM - detected UnsignedFile.Multi.Generic (1)
15:51:57.0140 5184 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:51:57.0281 5184 usbehci - ok
15:51:57.0296 5184 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:51:57.0437 5184 usbhub - ok
15:51:57.0437 5184 [ C0613CE45E617BC671DE8EBB1B30D175 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
15:51:57.0453 5184 USBModem ( UnsignedFile.Multi.Generic ) - warning
15:51:57.0453 5184 USBModem - detected UnsignedFile.Multi.Generic (1)
15:51:57.0453 5184 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:51:57.0593 5184 usbprint - ok
15:51:57.0593 5184 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:51:57.0734 5184 usbscan - ok
15:51:57.0750 5184 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:51:57.0875 5184 USBSTOR - ok
15:51:57.0875 5184 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:51:58.0000 5184 usbuhci - ok
15:51:58.0015 5184 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
15:51:58.0140 5184 usbvideo - ok
15:51:58.0203 5184 [ 71867D71C0D15CE63B8621DC41421F6F ] uvnc_service C:\Program Files\UltraVNC\WinVNC.exe
15:51:58.0312 5184 uvnc_service - ok
15:51:58.0343 5184 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:51:58.0468 5184 VgaSave - ok
15:51:58.0468 5184 ViaIde - ok
15:51:58.0500 5184 [ 303F1100F686453DE134FE9DEBB431FC ] vmfilter323 C:\WINDOWS\system32\drivers\vmfilter323.sys
15:51:58.0687 5184 vmfilter323 - ok
15:51:58.0703 5184 [ B67632451F760797BB183E1FB99F4B39 ] vnccom C:\WINDOWS\system32\Drivers\vnccom.SYS
15:51:58.0703 5184 vnccom ( UnsignedFile.Multi.Generic ) - warning
15:51:58.0703 5184 vnccom - detected UnsignedFile.Multi.Generic (1)
15:51:58.0718 5184 [ 4EC979B157D1AA075330362ACB5424E5 ] vncdrv C:\WINDOWS\system32\DRIVERS\vncdrv.sys
15:51:58.0734 5184 vncdrv ( UnsignedFile.Multi.Generic ) - warning
15:51:58.0734 5184 vncdrv - detected UnsignedFile.Multi.Generic (1)
15:51:58.0734 5184 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:51:58.0875 5184 VolSnap - ok
15:51:58.0906 5184 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:51:59.0031 5184 VSS - ok
15:51:59.0046 5184 VSSERV - ok
15:51:59.0062 5184 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:51:59.0203 5184 W32Time - ok
15:51:59.0234 5184 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:51:59.0359 5184 Wanarp - ok
15:51:59.0375 5184 [ 4C0B8EF721783F52F8E531FBDC4B1F74 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:51:59.0500 5184 wceusbsh - ok
15:51:59.0531 5184 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:51:59.0562 5184 Wdf01000 - ok
15:51:59.0578 5184 WDICA - ok
15:51:59.0593 5184 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:51:59.0718 5184 wdmaud - ok
15:51:59.0734 5184 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:51:59.0890 5184 WebClient - ok
15:51:59.0921 5184 [ 9AD66687D0753B14E24CC2D4982927B7 ] WebDriveFSD C:\Program Files\WebDrive\wdfsd.sys
15:51:59.0937 5184 WebDriveFSD - ok
15:51:59.0984 5184 [ 6820484B9C655B0F7C780CC3C557F516 ] WebDriveService C:\Program Files\WebDrive\wdService.exe
15:52:00.0062 5184 WebDriveService - ok
15:52:00.0093 5184 [ E08CA06BD56B66D6565123445ADB37A6 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:52:00.0140 5184 winachsf - ok
15:52:00.0187 5184 [ 451F905BC7BFF9E1CFF2E7AE76196B2C ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
15:52:00.0218 5184 WinDriver6 - ok
15:52:00.0265 5184 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:52:00.0421 5184 winmgmt - ok
15:52:00.0453 5184 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
15:52:00.0468 5184 WinUSB - ok
15:52:00.0515 5184 [ DDA0A4CCAA58CFD178771F268E23F88C ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
15:52:00.0546 5184 WLANKEEPER - ok
15:52:00.0562 5184 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:52:00.0593 5184 WmdmPmSN - ok
15:52:00.0640 5184 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:52:00.0687 5184 Wmi - ok
15:52:00.0718 5184 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:52:00.0859 5184 WmiAcpi - ok
15:52:00.0890 5184 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:52:01.0046 5184 WmiApSrv - ok
15:52:01.0078 5184 [ BE35756C940B30B8C173E910EECE175B ] wovad_micarray C:\WINDOWS\system32\drivers\womic.sys
15:52:01.0093 5184 wovad_micarray ( UnsignedFile.Multi.Generic ) - warning
15:52:01.0093 5184 wovad_micarray - detected UnsignedFile.Multi.Generic (1)
15:52:01.0109 5184 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:52:01.0125 5184 WpdUsb - ok
15:52:01.0218 5184 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:52:01.0265 5184 WPFFontCache_v0400 - ok
15:52:01.0296 5184 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:52:01.0437 5184 WS2IFSL - ok
15:52:01.0468 5184 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:52:01.0625 5184 wscsvc - ok
15:52:01.0640 5184 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:52:01.0812 5184 WSTCODEC - ok
15:52:01.0843 5184 [ D29AD7484B98279ED21877DE051A180F ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:52:01.0906 5184 wuauserv - ok
15:52:01.0921 5184 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:52:01.0968 5184 WudfPf - ok
15:52:01.0968 5184 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:52:01.0984 5184 WudfRd - ok
15:52:02.0000 5184 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:52:02.0031 5184 WudfSvc - ok
15:52:02.0062 5184 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:52:02.0234 5184 WZCSVC - ok
15:52:02.0250 5184 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:52:02.0406 5184 xmlprov - ok
15:52:02.0437 5184 [ 53E9AE94C9F8D0CB29BAC368A2DE0AD2 ] ZSMC326 C:\WINDOWS\system32\Drivers\usbvm323.sys
15:52:02.0453 5184 ZSMC326 - ok
15:52:02.0500 5184 ================ Scan global ===============================
15:52:02.0515 5184 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:52:02.0546 5184 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:52:02.0578 5184 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:52:02.0593 5184 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:52:02.0593 5184 [Global] - ok
15:52:02.0593 5184 ================ Scan MBR ==================================
15:52:02.0609 5184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:52:03.0171 5184 \Device\Harddisk0\DR0 - ok
15:52:03.0171 5184 ================ Scan VBR ==================================
15:52:03.0187 5184 [ 20B5E3FEAF69D067F2BCD754E6238689 ] \Device\Harddisk0\DR0\Partition1
15:52:03.0187 5184 \Device\Harddisk0\DR0\Partition1 - ok
15:52:03.0203 5184 [ 627D700195F48507B6C3B345B6EC8843 ] \Device\Harddisk0\DR0\Partition2
15:52:03.0203 5184 \Device\Harddisk0\DR0\Partition2 - ok
15:52:03.0218 5184 [ 6986BB08000E1D5DFD001F32E770BA48 ] \Device\Harddisk0\DR0\Partition3
15:52:03.0234 5184 \Device\Harddisk0\DR0\Partition3 - ok
15:52:03.0234 5184 ============================================================
15:52:03.0234 5184 Scan finished
15:52:03.0234 5184 ============================================================
15:52:03.0359 5208 Detected object count: 51
15:52:03.0359 5208 Actual detected object count: 51
15:53:36.0671 5208 AgereSoftModem ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0671 5208 AgereSoftModem ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0671 5208 AnyDVD ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0671 5208 AnyDVD ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0687 5208 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0687 5208 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0687 5208 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0687 5208 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0687 5208 Cwbrxd ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0687 5208 Cwbrxd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0703 5208 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0703 5208 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0703 5208 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0703 5208 EterlogicVirtualSerialDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0703 5208 FJTWMKSV ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0703 5208 FJTWMKSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0718 5208 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0718 5208 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0718 5208 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0718 5208 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0718 5208 hmonitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0718 5208 hmonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0734 5208 hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0734 5208 hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0734 5208 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0734 5208 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0734 5208 Intuit Entitlement Service v6.0 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0734 5208 Intuit Entitlement Service v6.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0750 5208 mamotou ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0750 5208 mamotou ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0750 5208 MaVctrl ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0750 5208 MaVctrl ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0750 5208 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0750 5208 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0765 5208 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0765 5208 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0765 5208 nltdi ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0765 5208 nltdi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0765 5208 PCAMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0765 5208 PCAMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0781 5208 PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0781 5208 PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0781 5208 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0781 5208 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0781 5208 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0781 5208 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0796 5208 psadd ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0796 5208 psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0796 5208 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0796 5208 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0796 5208 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0796 5208 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 rpm ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 rpm ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 smbusp ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 smbusp ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SMDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SMDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SMServer ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SMServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SndTAudio ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SndTAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 SolutoRemoteService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 SolutoRemoteService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 STSService ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 STSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 stunnel ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 stunnel ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 ToolTipFixer ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 ToolTipFixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 Tp4Track ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 Tp4Track ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 TPPWR ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 TPPWR ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0812 5208 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0812 5208 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 USB-100 ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 USB-100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 usbbus ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 usbbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 UsbDiag ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 UsbDiag ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 USBDLM ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 USBDLM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 USBModem ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 USBModem ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 vnccom ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 vnccom ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 vncdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 vncdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:53:36.0828 5208 wovad_micarray ( UnsignedFile.Multi.Generic ) - skipped by user
15:53:36.0828 5208 wovad_micarray ( UnsignedFile.Multi.Generic ) - User select action: Skip

#7
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thank you godawgs for taking my case

You are welcome.

I have been reading your post. It starts out by asking me to post the Extras.txt file that OTL created. On my first run of OTL.exe it didn't create a file called Extras.txt. It did create a file called OTL.txt. I did post that on my first post. I don't think you need it again but I will post it again in the interest of following instructions.

Actually you didn't post the OTL.txt log from the first run.....you posted it from the 4th run.

OTL logfile created on: 1/24/2013 10:52:44 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dnload\SpywareRemovers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

I still need to see the Extras.txt log so we will do it a different way. You also posted 2 TDSSKiller logs, but not the RKreport.txt log from the RogueKiller scan.

Please make sure you have done the following things and we will continue:

1. Re-open OTL in the C:\Dnload\SpywareRemovers folder and click the CleanUp button.

2. IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

3. Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

Now let's get a new OTL scan with the Extras.txt log. I have changed the settings so please read the instructions carefully. It may help to print them out or save them to a text file.

Step-1.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.*
/md5stop
DRIVES


2. Re-open Posted Image on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Do Not click the box beside Include 64bit Scans at the top of the console.
  • In the Extra Registry section, click the box beside Use Safelist <--- Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your next reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Step-2.

I want to see the RKreport.txt file from the RogueKiller scan. It should be located on the desktop. If it isn't, go back to Step 3 in post #2 and re-run RogueKiller.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log
3. The RKreport.txt log

#8
docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
OTL logfile created on: 1/29/2013 1:55:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 52.72% Memory free
3.77 Gb Paging File | 2.71 Gb Available in Paging File | 71.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.17 Gb Free Space | 61.00% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 15:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe
PRC - [2013/01/10 11:08:58 | 001,229,296 | ---- | M] (Soluto) -- c:\Program Files\Soluto\Soluto.exe
PRC - [2013/01/09 04:10:54 | 006,326,272 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2012/12/16 03:25:20 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/12/12 20:30:26 | 000,278,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/12/12 08:42:50 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/11/04 09:43:30 | 001,851,192 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2012/09/30 23:23:54 | 000,150,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/07/26 16:57:52 | 000,489,248 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe
PRC - [2012/06/10 23:25:32 | 003,061,376 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2012/04/29 10:40:50 | 000,713,584 | ---- | M] (Beiley Software Inc.) -- C:\Program Files\RemindMe\RemindMe.exE
PRC - [2012/03/28 11:54:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/28 10:36:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/04/04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) -- C:\Program Files\RPM\RpmSrv.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/03 11:23:29 | 001,037,216 | ---- | M] (Rainmaker Research, Inc.) -- C:\Program Files\Spell Catcher Plus\Spell Catcher.exe
PRC - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
PRC - [2004/10/12 12:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
PRC - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/28 21:33:14 | 000,214,016 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINDOWS\system32\AEIWLSTA.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/25 22:30:50 | 000,706,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\7113d7b0d1ab8e22518f1eee04bd79dc\SolutoCleanup.ni.dll
MOD - [2013/01/25 22:30:49 | 000,681,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\a510bee3c1e6633374c7e0457a9c2afb\PCGDataAggregation.ni.dll
MOD - [2013/01/25 22:30:47 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\5900fea26dfbf076656a76a6ec415ceb\PCGBootVisualizingCore.ni.dll
MOD - [2013/01/25 22:30:46 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\7b20a2b2de746f4c0a34427668eb3379\Interop.NetFwTypeLib.ni.dll
MOD - [2013/01/25 22:30:45 | 000,295,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\324504aa08dd894d6fcbc1288b2abc65\PCGCatalogItemFootprint.ni.dll
MOD - [2013/01/25 22:30:44 | 000,732,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\d1c3fff5ca7b6984f2813356395b9460\PCGBrowsersProbe.ni.dll
MOD - [2013/01/25 22:30:43 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\b7ffb1db04e5c25f69195285145102b3\PCGSAProbe.ni.dll
MOD - [2013/01/25 22:30:42 | 000,087,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\f5c8bdcc4b6d1bcb4854c677d75b1dbf\PCGCatalogItemCache.ni.dll
MOD - [2013/01/25 22:30:42 | 000,041,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\25b4b05f3611cb0f83ee288e91a888b5\PCGEntities.ni.dll
MOD - [2013/01/25 22:30:41 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\f407b1a910fedc713a6b844835b90900\PCGClientCommunication.ni.dll
MOD - [2013/01/25 22:30:39 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\00776f9637ef2b01424c9ae44af55a43\PCGUpgrader.ni.dll
MOD - [2013/01/25 22:30:39 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\5d0f966d27eb030ad1144bf7313165b1\SolutoUpdateService.ni.dll
MOD - [2013/01/25 22:30:38 | 002,044,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\49aed0293596cb41b3b9383c3bf54548\SolutoService.ni.exe
MOD - [2013/01/25 22:30:28 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\ec81ad124f2887749a29bf67d72e47c1\PCGPostBootResources.ni.dll
MOD - [2013/01/25 22:30:28 | 000,052,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\ea6ef3d32d5e28268377ff81fed27395\PCGHIDProbe.ni.dll
MOD - [2013/01/25 22:30:27 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\32937b6110f36171106fc3a9bc4b397e\Community.CsharpSqlite.ni.dll
MOD - [2013/01/25 22:30:27 | 000,039,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\1ff918080005699a4427ae446d120182\PCGRSPProbe.ni.dll
MOD - [2013/01/25 22:30:25 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\35c49945a5328be7e77060795d7ba080\PCGWuInfo.ni.dll
MOD - [2013/01/25 22:30:25 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\9e0ee4ac48824decaf0cd3ac91bcf8dc\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2013/01/25 22:30:25 | 000,055,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\a178291dc42211f27ccb0269049e2bcb\PCGUsersCenter.ni.dll
MOD - [2013/01/25 22:30:23 | 000,156,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\83169f5e6f353146ec154409dd7d6790\PCGAppControlPluginLoader.ni.dll
MOD - [2013/01/25 22:30:21 | 003,509,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\9ab766011f90c5409cf010140f869f37\PCGClientCommon.ni.dll
MOD - [2013/01/25 22:30:18 | 000,157,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\d3d76007ccd5a9a77c9669a66d6a58ab\PCGBootVisualizingCommon.ni.dll
MOD - [2013/01/25 22:30:17 | 000,222,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ae4cd0b5747ac822681efb22bda4bb79\PCGDriverProbe.ni.dll
MOD - [2013/01/25 22:30:15 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\391d5b3caf3cf0c71211ea165940949f\PCGConfiguration.ni.dll
MOD - [2013/01/25 22:30:14 | 002,617,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\68fa02e189ba72c91b4a13ffcf8fbab9\PCGDatabase.ni.dll
MOD - [2013/01/25 22:30:14 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\90d790910714eac292348c0c844d8a74\System.Data.SqlServerCe.ni.dll
MOD - [2013/01/25 22:30:11 | 001,538,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\d0055ecdbb5ca8e75ddb4926d14f7a84\PCGAzureShared.ni.dll
MOD - [2013/01/25 22:30:11 | 000,048,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\fbd0db0b6165668a622cc8c38e904144\PCGAzureEntityFramework.ni.dll
MOD - [2013/01/25 22:30:10 | 001,196,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\c19bb8498c051b00555763e3a38d56bc\PCGCommunication.ni.dll
MOD - [2013/01/25 22:30:08 | 001,707,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\fdbcaf85353f2c586634f7b575893baa\PCGPreCompiled.ni.dll
MOD - [2013/01/25 22:29:48 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\5e6ee9397825b25e4543c094f400c859\Ionic.Zip.Reduced.ni.dll
MOD - [2013/01/25 22:29:48 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\d6afbc7f7cba70db9b20564440f44622\PCGPrestoSerializer.ni.dll
MOD - [2013/01/25 22:29:46 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll
MOD - [2013/01/25 22:29:45 | 002,128,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\7071c2f7ad720d29b2a539184a94fc12\Newtonsoft.Json.Net35.ni.dll
MOD - [2013/01/25 22:29:44 | 002,727,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\6af740b77febde5f102725c19f6cc107\PCGFramework.ni.dll
MOD - [2013/01/25 22:29:40 | 001,620,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\3523ca400bc7eef91481b1577d3cbf6c\Soluto.ni.exe
MOD - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2013/01/10 10:33:28 | 000,077,880 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2013/01/10 10:33:28 | 000,049,720 | R--- | M] () -- C:\Program Files\Soluto\PCGDeviceScanLib.dll
MOD - [2012/12/12 20:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/12/12 08:42:56 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/12/12 08:42:36 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/11/27 09:09:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:09:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1fa3f0a76f2fa2d3a6cfaf9031bc1dfb\System.Runtime.Remoting.ni.dll
MOD - [2012/11/27 09:09:41 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:09:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/27 09:09:04 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:08:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/27 09:08:42 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/27 09:08:34 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:08:34 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:08:29 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9bc09040ded0b8de5514235bf9b24888\System.Data.Services.Client.ni.dll
MOD - [2012/11/27 09:07:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/11/27 09:07:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/27 09:07:33 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/27 09:07:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:05:34 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fc7ad881f823df3fc1ee95e7f19d7ae\System.Data.Linq.ni.dll
MOD - [2012/11/27 09:05:31 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/27 09:05:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/27 09:05:09 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:05:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 09:05:01 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll
MOD - [2012/11/27 09:04:38 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/27 09:04:36 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:04:29 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/27 09:04:25 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/27 09:04:24 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/27 09:04:10 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/27 09:04:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/27 09:02:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 09:02:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 09:02:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:02:05 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 09:01:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/27 09:01:01 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/27 09:01:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/11/27 09:00:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/11/27 09:00:51 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:00:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/11/27 07:20:13 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/18 17:47:09 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
MOD - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
MOD - [2010/06/07 06:26:46 | 000,101,376 | ---- | M] () -- C:\Program Files\Stunnel\zlib1.dll
MOD - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
MOD - [2009/01/14 10:29:18 | 000,010,752 | ---- | M] () -- C:\Program Files\RPM\udf\fbudf.dll
MOD - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2005/10/28 19:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
MOD - [2004/02/27 11:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
MOD - [2004/01/12 04:58:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\IconSaver.cpl
MOD - [2003/10/19 06:12:58 | 000,061,440 | ---- | M] () -- C:\Program Files\IconSaver\IconSaverLib.dll
MOD - [2003/10/19 04:11:40 | 000,094,208 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver Editor.dll
MOD - [2003/07/03 22:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013/01/10 10:33:28 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/11/23 21:54:04 | 002,033,400 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Program Files\ultravnc\winvnc.exe -- (uvnc_service)
SRV - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/30 23:22:06 | 000,295,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/05/02 13:17:28 | 000,059,488 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe -- (Remark FTP Utility)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/23 07:20:24 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SMServer)
SRV - [2010/12/23 05:03:32 | 000,385,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/04 12:33:40 | 002,735,992 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV9)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Stunnel\stunnel.exe -- (stunnel)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/24 03:13:24 | 001,313,368 | ---- | M] (South River Technologies, LLC) [Disabled | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/09/04 15:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/04/20 13:17:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) [Auto | Running] -- C:\Program Files\RPM\RpmSrv.exe -- (rpm)
SRV - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\MNSFramework.exe -- (MNSFramework)
SRV - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2007/03/21 10:57:56 | 000,516,096 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2001/05/08 04:10:00 | 000,053,248 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\timntr.sys -- (timounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swvnic.sys -- (SWVNIC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/12/16 03:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/12/12 08:42:55 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/12/12 08:42:46 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 08:41:35 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/11/05 08:06:55 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/24 07:57:16 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/24 07:57:12 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/09/18 01:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 01:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 01:32:56 | 000,043,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/09/10 22:50:22 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/08/23 23:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/26 01:26:40 | 000,051,712 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\womic.sys -- (wovad_micarray)
DRV - [2012/06/01 09:09:28 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/05/17 08:14:29 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2012/03/12 12:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2012/01/18 14:56:16 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 14:56:14 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/26 09:45:27 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/10/03 08:15:22 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/13 06:16:56 | 000,141,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CprDrvr.sys -- (CprDrvr)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/13 10:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/23 12:43:12 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/25 13:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/10/20 01:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 08:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/04/21 12:16:46 | 000,025,704 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ts_lb.sys -- (ts_lb)
DRV - [2010/04/01 11:33:08 | 000,019,560 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2010/02/24 13:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/24 03:13:20 | 000,201,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 09:48:00 | 000,027,519 | ---- | M] (Billionton Corporation Reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBKR100.SYS -- (USB-100)
DRV - [2009/10/26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 18:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 00:40:26 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdm.sys -- (ssecmdm)
DRV - [2009/09/08 00:40:26 | 000,086,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecbus.sys -- (ssecbus)
DRV - [2009/09/08 00:40:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV - [2009/07/06 10:09:06 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/30 10:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 10:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 10:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/22 10:46:42 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009/05/11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/02/12 13:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/17 15:57:14 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp)
DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/23 03:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 13:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006/12/25 14:32:52 | 000,049,489 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/02 00:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 00:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/08 11:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/06/09 04:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/05/18 08:49:00 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/03 00:14:18 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2005/03/03 00:14:04 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/08/24 14:16:54 | 000,003,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMDRV.SYS -- (SMDRV)
DRV - [2002/05/02 11:52:22 | 000,018,189 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - [2002/05/02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/01/23 07:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn)
DRV - [2002/01/15 12:04:06 | 001,088,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/12/28 21:10:16 | 000,050,688 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [1999/12/31 16:00:00 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes,DefaultScope = {959E4F84-B960-417C-8415-C7A0737817BC}
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C3-50E2DD51DD08
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes\{959E4F84-B960-417C-8415-C7A0737817BC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: fireform%40mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: isitcompatible%40eternicode.com:0.5.3
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.0
FF - prefs.js..extensions.enabledAddons: flatbm%40xuldev.org:1.8.1
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Firefox\components [2013/01/25 21:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012/06/17 10:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/10/29 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2013/01/18 17:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions
[2013/01/18 17:03:52 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,085,264 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,040,533 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,015,789 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,006,744 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,163,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\searchplugins\askcom.xml

O1 HOSTS File: ([2012/12/31 16:00:02 | 000,000,162 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 75.79.156.56 atu1277.com
O1 - Hosts: 75.79.6.149 theoffice.la
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [atr.exe] File not found
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [IconSaver] C:\Program Files\IconSaver\IconSaver.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe (Individual Software, Inc.)
O4 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Programs Now (Hidden).lnk = C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk = C:\Program Files\SpyTheSpy\SpyTheSpy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: endicia.com ([www.postage] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: ibm.com ([icm1.teleweb.ca] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([chat.lel] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([expertslive] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([rto1.lel] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([rto2.lel] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.micr...dd/clearadj.CAB (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340638911625 (WUWebControl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.mi...b?1340638867765 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2002/07/24 08:55:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 16:37:41 | 000,001,094 | ---- | M] () - C:\AUTOEXEC2.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 15:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
[2013/01/26 22:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\TortoiseSVN
[2013/01/26 22:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\TSVNCache
[2013/01/26 22:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2013/01/26 22:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TortoiseSVN
[2013/01/26 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2013/01/26 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2013/01/26 14:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC_1.1.8
[2013/01/26 08:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime Alternative
[2013/01/26 08:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/01/26 08:34:38 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QTCF.dll
[2013/01/26 08:34:38 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013/01/26 08:34:38 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2013/01/26 08:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013/01/26 08:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\Logishrd
[2013/01/26 08:20:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/25 23:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/25 23:11:49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/25 23:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/25 22:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2013/01/25 22:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/01/25 22:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2013/01/25 22:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2013/01/25 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/01/25 22:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Macrium
[2013/01/25 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/01/25 22:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/25 21:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2013/01/25 21:38:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary\Recent
[2013/01/22 08:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2013/01/22 08:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 08:36:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/21 10:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition
[2013/01/18 06:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/01/17 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpyTheSpy
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyTheSpy
[2013/01/17 11:19:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/17 11:19:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/17 11:19:07 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/10 15:07:24 | 000,013,432 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/08 10:15:01 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/01/08 10:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/02 15:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2013/01/02 15:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\NCH Software Suite
[2013/01/02 15:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\NCH Software
[2012/12/31 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\WO Mic Client
[2012/12/31 20:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\WOMic
[2006/09/15 11:08:34 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Gary\chatlnk.exe

========== Files - Modified Within 30 Days ==========

[2013/01/29 13:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 08:01:45 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/28 14:16:55 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/28 14:16:49 | 002,555,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/28 14:16:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/01/28 14:15:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/28 14:15:04 | 2067,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 15:22:50 | 000,002,992 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/01/26 19:48:29 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Gary\SciTE.session
[2013/01/26 08:21:45 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2013/01/25 23:17:20 | 000,000,089 | ---- | M] () -- C:\WINDOWS\Spell Catcher.INI
[2013/01/25 23:04:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/25 22:44:45 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2013/01/25 22:44:04 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:31:04 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 6.lnk
[2013/01/25 22:28:48 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/25 22:14:21 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/25 21:58:39 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/25 21:26:55 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/25 21:26:55 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/25 21:24:02 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/25 21:24:02 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/24 08:57:54 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/22 14:46:22 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Re-Start.lnk
[2013/01/22 08:36:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 09:51:38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/18 09:33:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/01/18 06:52:01 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 17:46:22 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/01/17 12:50:57 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/10 15:07:24 | 000,013,432 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/10 15:05:56 | 000,054,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2013/01/08 10:14:14 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/01/08 10:14:14 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/01/03 17:55:18 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2013/01/02 15:47:54 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/31 16:00:02 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2013/01/26 08:02:53 | 001,120,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/25 22:44:04 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:44:04 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2013/01/25 22:36:32 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\Update Checker.lnk
[2013/01/25 22:02:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 22:02:25 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 21:58:39 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/22 20:23:19 | 2067,443,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/22 08:36:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 10:50:40 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition.lnk
[2013/01/18 06:52:01 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 12:50:57 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 16:16:37 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/10 15:05:56 | 000,054,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/09 12:46:38 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/08 10:10:42 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #2.lnk
[2013/01/08 10:10:33 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #3.lnk
[2013/01/08 10:10:30 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #4.lnk
[2013/01/08 10:10:27 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #5.lnk
[2013/01/02 15:44:34 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2013/01/02 15:44:34 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/23 18:40:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\PUTTY.RND
[2012/12/23 14:36:31 | 000,002,159 | ---- | C] () -- C:\WINDOWS\sshtunnel.ini
[2012/12/23 12:59:20 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\dkfzip32.DAT
[2012/12/17 09:35:33 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-133707808-2752991226-3942243025-1004-0.dat
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0404.dll
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0404.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0C0A.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0410.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0409.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0407.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0C0A.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0419.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0410.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0407.dll
[2012/12/05 08:28:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0411.dll
[2012/12/05 08:28:44 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0419.dll
[2012/12/05 08:28:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0804.dll
[2012/12/05 08:28:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0409.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0412.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0411.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0804.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0412.dll
[2012/12/03 22:15:35 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/11 10:56:44 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\recently-used.xbel
[2012/10/26 11:59:08 | 096,817,882 | ---- | C] () -- C:\Program Files\Photo Album 6.7z
[2012/10/11 19:54:03 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Gary\SciTEUser.properties
[2012/10/11 19:53:54 | 000,031,076 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.save.properties
[2012/10/10 13:56:38 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2012/09/24 13:54:58 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/09/24 07:21:03 | 000,197,659 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498655.bdinstall.bin
[2012/09/24 06:52:44 | 000,060,826 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498180.bdinstall.bin
[2012/08/18 11:53:19 | 001,292,288 | ---- | C] () -- C:\WINDOWS\is-PPJSS.exe
[2012/08/18 11:41:13 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PC Viewer 4CH ENG.INI
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Windows1569_SettingsRepository.bin
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012/08/01 13:58:19 | 002,784,754 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/07/31 09:58:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Gary\.deskmetrics
[2012/06/13 10:13:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DDF800369E.sys
[2012/06/12 16:36:03 | 000,313,900 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1339543597.bdinstall.bin
[2012/06/12 15:49:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Gary\Application Datauser_gensett.xml
[2012/06/01 10:12:21 | 000,369,332 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338566755.bdinstall.bin
[2012/06/01 07:04:50 | 000,098,465 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338562424.bdinstall.bin
[2012/06/01 06:31:24 | 000,366,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338559386.bdinstall.bin
[2012/05/04 19:23:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\$_hpcst$.hpc
[2012/05/03 11:23:28 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/04/27 16:46:01 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F96E50C605.sys
[2012/04/27 08:47:54 | 000,000,377 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/04/24 16:51:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0DF62F3DE1.sys
[2012/04/20 21:05:05 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9D3D1C15A6.sys
[2012/04/20 07:51:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 17:17:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2012/03/23 16:42:12 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/12 10:49:48 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/29 19:53:44 | 000,444,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330569044.bdinstall.bin
[2012/02/29 17:35:50 | 000,139,870 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330559400.bdinstall.bin
[2012/02/22 08:15:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/17 07:14:06 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.properties
[2012/02/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.keywords.user.abbreviations.properties
[2012/02/14 12:52:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\Gary\au3UserAbbrev.properties
[2012/02/14 10:28:51 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 18:33:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/27 19:02:35 | 000,171,164 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327718518.bdinstall.bin
[2012/01/27 16:23:43 | 000,302,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327708936.bdinstall.bin
[2012/01/27 09:20:01 | 000,617,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327682970.bdinstall.bin
[2012/01/26 20:19:03 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Sys2662.Config.Repository.bin
[2011/12/17 09:15:18 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0782A18B0A.sys
[2011/10/26 09:45:27 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/03 08:15:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2011/09/25 13:17:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A4DABE9A09.sys
[2011/09/21 10:04:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2011/09/18 22:09:23 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\profile.wkp
[2011/09/06 21:04:43 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\archCalc.Prefs
[2011/08/31 08:31:08 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\587E447A25.sys
[2011/08/26 08:54:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\51B05C58E0.sys
[2011/08/23 21:38:41 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1617EC5C27.sys
[2011/08/22 08:46:49 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\215AFABA7D.sys
[2011/08/15 11:31:05 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B21765FADC.sys
[2011/08/12 11:55:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/08/12 11:55:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/08/12 11:55:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/07/13 06:16:56 | 000,141,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\CprDrvr.sys
[2011/07/13 06:15:14 | 000,106,208 | ---- | C] () -- C:\WINDOWS\System32\CprIf.dll
[2011/06/16 06:14:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D09F512B2C.sys
[2011/05/31 08:14:36 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/31 08:14:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/31 06:21:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011/05/30 07:41:21 | 000,139,097 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/30 07:09:15 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/30 07:09:12 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/30 07:09:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/30 07:08:11 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/12 21:24:48 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/12 21:24:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ECB69BB7BF.sys
[2010/06/27 09:11:30 | 000,065,536 | ---- | C] () -- C:\Program Files\Logger Pro 3
[2010/03/27 07:22:54 | 000,014,905 | ---- | C] () -- C:\Documents and Settings\Gary\au3abbrev.properties
[2010/03/16 18:02:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\Ÿ9Ÿ9
[2010/01/02 13:16:12 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Gary\au3.UserUdfs.properties
[2010/01/02 13:15:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.user.calltips.api
[2009/12/30 21:31:24 | 000,000,174 | -H-- | C] () -- C:\Documents and Settings\Gary\Application Data\lakerda1967.sys
[2009/12/30 21:30:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\docXConverter (3).ini
[2009/11/02 16:10:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Principia Products.zip
[2009/02/13 11:36:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2008/12/14 18:10:13 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Gary\ntuser.pol
[2008/09/17 11:19:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:36:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gary\.rnd
[2008/01/30 14:34:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\PUTTY.RND
[2007/09/26 10:44:42 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.session
[2006/12/03 22:50:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.recent
[2006/12/03 22:50:40 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.ses
[2006/11/11 10:26:30 | 000,345,935 | ---- | C] () -- C:\Documents and Settings\Gary\jap.conf
[2006/11/01 19:18:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\winscp.RND
[2006/09/05 21:43:35 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Gary\.jm_prefs
[2005/11/06 20:54:40 | 000,125,226 | ---- | C] () -- C:\Documents and Settings\Gary\IPSendOptions.exe
[2005/06/23 17:15:00 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Gary\ipsend.sec

========== ZeroAccess Check ==========

[2008/07/04 15:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/13 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bitdefender
[2008/07/09 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Individual Software
[2008/08/11 07:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Locktime
[2008/08/19 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\r2 Studios
[2013/01/27 16:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2008/07/09 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\URSoft
[2008/07/09 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VERITAS
[2012/11/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/02/03 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/01 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/10/29 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/08 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brooks Internet Software
[2011/12/27 15:23:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/25 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/07/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/08 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conexant
[2010/05/06 07:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/02/01 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gravic
[2008/12/14 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/07/11 00:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/02/07 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JudysApps
[2012/04/19 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/22 16:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/05/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/19 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2013/01/29 08:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/31 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/21 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/05/03 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/10/29 07:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/07/08 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2012/10/29 07:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microangelo On Display
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/27 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/01 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Principia Products
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2008/07/08 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2012/03/04 10:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/01/25 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/02/18 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/06 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2011/05/12 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/11/28 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/30 07:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2012/10/29 07:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/29 17:09:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2012/11/20 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X6
[2008/07/09 14:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ASPNET\Application Data\VERITAS
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
[2008/07/09 14:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\VERITAS
[2008/07/09 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.BitTornado
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.tswebeditor
[2012/04/19 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Adam Berent
[2009/02/26 11:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AI Internet Solutions
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Basta Computing
[2012/09/24 07:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Bitdefender
[2009/04/02 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BozTeck
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BPFTP
[2009/01/26 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Brooks Internet Software
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Colasoft Capsa
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Convivea
[2012/04/19 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2010/02/09 09:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Endicia
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FileMaker
[2009/08/29 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit
[2012/07/31 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit Software
[2012/12/05 09:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Fujitsu
[2010/05/05 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\G7PS
[2012/10/29 07:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GARMIN
[2012/09/30 08:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Geek Uninstaller
[2011/01/11 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/10/11 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gsmartcontrol
[2010/12/10 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gtk-2.0
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hyperionics
[2012/11/05 14:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ImgBurn
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Individual Software
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Interactive Studios
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2010/09/22 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2012/08/18 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\KC Softwares
[2012/04/20 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ldw_data
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/07/09 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\LEAPS
[2012/08/18 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leawo
[2008/07/19 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Locktime
[2012/04/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Millennia
[2012/12/13 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\mjusbsp
[2009/07/19 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/04/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NetView
[2012/10/29 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Newsbin
[2012/04/24 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ntr
[2012/11/01 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Nuance
[2013/01/25 22:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/05 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeRecovery
[2012/01/02 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OpenOffice.org
[2011/06/01 08:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PCDr
[2012/05/03 12:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasus Mail
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasys Inc
[2012/10/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PKWARE
[2011/12/02 09:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Qualys
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\r2 Studios
[2012/10/29 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Remind-Me
[2012/04/27 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2011/01/16 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Smart PDF Converter
[2012/10/26 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SmartDraw
[2013/01/29 09:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Software Informer
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spearit
[2008/07/09 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spell Catcher Plus
[2013/01/26 22:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2010/10/29 07:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SyncSquare
[2012/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SystemRequirementsLab
[2011/03/30 13:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TeamViewer
[2011/10/26 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Thinstall
[2012/08/18 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tiger-k
[2008/07/09 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Topaz Moment
[2012/10/29 07:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Trillian
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\URSoft
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VERITAS
[2010/06/08 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VSO
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\WildPackets
[2012/11/11 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Wireshark
[2012/11/12 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Zeon
[2011/05/12 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2008/07/09 14:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Interactive Studios
[2008/07/09 06:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Spearit
[2013/01/17 15:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBPOSDBSrvUser\Application Data\Spearit
[2008/07/09 14:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBPOSDBSrvUser\Application Data\VERITAS
[2011/12/17 09:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\Foxit Software
[2011/12/17 08:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\Lenovo
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\Spearit
[2008/07/09 14:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\VERITAS

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) -- C:\AUTOCHK.EXE

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/07/03 16:15:12 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=D999CF40BD4EEB69FAB32069CA9D65B1 -- C:\Program Files\UpdatePack-Files\SP3QFE\explorer.exe

< MD5 for: SERVICES >
[2001/08/18 04:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
[2012/11/28 10:54:04 | 002,525,272 | ---- | M] () MD5=EA8F282BEAC3ECDAEC1076C76C677685 -- C:\Program Files\Wireshark\services

< MD5 for: SERVICES._ >
[2004/08/12 05:05:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\Dnload\Scratch02\Session 01\I386\SERVICES._
[2001/08/18 04:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.CSS >
[2009/08/31 15:07:44 | 000,011,359 | ---- | M] () MD5=7A8415047C36FC8CB9137D6280E5305E -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\Help\services.css
[2011/08/19 20:25:04 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\QuickBooks 2012\Components\Services\services.css

< MD5 for: SERVICES.DLL >
[2006/11/24 15:19:24 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\WINDOWS\system32\tvia\local\collect\services.dll

< MD5 for: SERVICES.EX_ >
[2001/08/18 04:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\I386\SERVICES.EX_
[2008/04/14 01:42:36 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\Dnload\Scratch02\Session 01\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/12/24 04:35:14 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=357F8FBE36D514F1FFF7D731CB61A9AB -- C:\Program Files\UpdatePack-Files\SP3QFE\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.HTML >
[2012/05/30 19:34:56 | 000,109,895 | ---- | M] () MD5=27C527CBCA5F2A406A8705400A044C5C -- C:\Program Files\Android\android-sdk\docs\guide\topics\fundamentals\services.html
[2004/04/05 10:08:46 | 000,001,469 | ---- | M] () MD5=946647C766B08D2393EE47837D676181 -- C:\Program Files\TuneXP\docs\services.html

< MD5 for: SERVICES.JAVA >
[2012/05/30 19:50:45 | 000,006,748 | R--- | M] () MD5=411111AD775B441DDCC5D4EFF612F591 -- C:\Program Files\Android\android-sdk\sources\android-15\org\apache\harmony\security\fortress\Services.java

< MD5 for: SERVICES.LNK >
[2012/05/07 12:43:15 | 000,001,612 | ---- | M] () MD5=EBB4C737C277C6FCAE0310FF4BD77F82 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.LST >
[2005/08/10 15:28:07 | 000,076,632 | ---- | M] () MD5=64107E3C030A2AE5BA2F9119C61E8A32 -- C:\Program Files\IP-Tools\SERVICES.LST

< MD5 for: SERVICES.MS_ >
[2004/08/12 05:05:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\Dnload\Scratch02\Session 01\I386\SERVICES.MS_
[2001/08/18 04:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2001/08/23 04:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.MSC.LNK >
[2012/10/10 08:37:43 | 000,001,455 | ---- | M] () MD5=B83543A01C747EE66A9D108442A15510 -- C:\Documents and Settings\Gary\Desktop\services.msc.lnk

< MD5 for: SERVICES.PLT >
[2009/09/01 13:25:10 | 000,000,097 | ---- | M] () MD5=F6BF633EA2A36B743B47163F9E78B8B3 -- C:\Program Files\NetView\Portlist\TCP\services.plt

< MD5 for: SERVICES.RDB >
[2012/08/13 09:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 09:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 14:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2008/10/03 11:54:32 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\Program Files\UpdatePack-Files\SP3QFE\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/24 13:50:16 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\Program Files\UpdatePack-Files\SP3QFE\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9500420AS
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 200.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 70.00GB
Starting Offset: 215033978880
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 195.00GB
Starting Offset: 290373763072
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >

#9
docfxit

OTL Extras logfile created on: 1/29/2013 1:55:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 52.72% Memory free
3.77 Gb Paging File | 2.71 Gb Available in Paging File | 71.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.17 Gb Free Space | 61.00% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Value error.
htmlfile [print] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [Command Prompt] -- cmd.exe /k "cd\" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [opennew] -- explorer.exe /e, %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9220:TCP" = 9220:TCP:*:Enabled:HP 9220
"9500:TCP" = 9500:TCP:*:Enabled:Hp 9500
"9290:TCP" = 9290:TCP:*:Enabled:HP 9290
"161:UDP" = 161:UDP:*:Enabled:Hp 161
"427:UDP" = 427:UDP:*:Enabled:Hp 427
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
"5901:TCP" = 5901:TCP:*:Enabled:UltraVNCTCP5901
"5902:TCP" = 5902:TCP:*:Enabled:UltraVNCTCP5902
"5903:TCP" = 5903:TCP:*:Enabled:UltraVNCTCP5903
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"5500:TCP" = 5500:TCP:*:Enabled:vnc5500
"8000:UDP" = 8000:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8004:UDP" = 8004:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8005:UDP" = 8005:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8006:UDP" = 8006:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8007:UDP" = 8007:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8008:UDP" = 8008:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8009:UDP" = 8009:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"5060:UDP" = 5060:UDP:*:Enabled:Express Talk Sip Incoming Calls (UDP)
"8585:TCP" = 8585:TCP:*:Enabled:Port Tester 8585
"5060:TCP" = 5060:TCP:*:Enabled:Express Talk 5060 tcp
"5070:UDP" = 5070:UDP:*:Enabled:Express Talk Sip Incoming Calls (UDP) 5070
"8010:UDP" = 8010:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8010
"8011:UDP" = 8011:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8011
"8012:UDP" = 8012:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8012
"8013:UDP" = 8013:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8013
"8014:UDP" = 8014:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8014
"8015:UDP" = 8015:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8015
"8016:UDP" = 8016:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8016
"8017:UDP" = 8017:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8017
"8018:UDP" = 8018:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8018
"8019:UDP" = 8019:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8019
"8020:UDP" = 8020:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP) 8020
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\NCH Swift Sound\Talk\talk.exe" = C:\Program Files\NCH Swift Sound\Talk\talk.exe:*:Enabled:Express Talk -- (NCH Software)
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\AboutTime\AboutTime.exe" = C:\Program Files\AboutTime\AboutTime.exe:*:Enabled:AboutTime cient/server -- ()
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Port Detective\PBDClient.exe" = C:\Program Files\Port Detective\PBDClient.exe:*:Enabled:PBDClient -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\WebDrive\webdrive.exe" = C:\Program Files\WebDrive\webdrive.exe:*:Enabled:WebDrive Application -- (South River Technologies, LLC)
"C:\Program Files\WebDrive\wdService.exe" = C:\Program Files\WebDrive\wdService.exe:*:Enabled:WebDrive Service -- (South River Technologies, LLC)
"C:\Program Files\PCmover\pcmover.exe" = C:\Program Files\PCmover\pcmover.exe:*:Enabled:PCmover -- (Laplink Software Inc.)
"C:\Program Files\MyLanViewer\MyLanViewer.exe" = C:\Program Files\MyLanViewer\MyLanViewer.exe:*:Enabled:MyLanViewer -- (S.K. Software)
"C:\Excursion9.5\mIRC.ExCurSioN.exe" = C:\Excursion9.5\mIRC.ExCurSioN.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Pumpkin\PumpKIN.exe" = C:\Program Files\Pumpkin\PumpKIN.exe:*:Enabled:PumpKIN, tftp client/daemon -- (Klever Group (http://www.klever.net/))
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\EftSvr.exe" = C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\EftSvr.exe:LocalSubNet:Enabled:EFT server for QBPOS 9.0 -- (Intuit Inc.)
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe" = C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe:LocalSubNet:Enabled:Image Server for QBPOS 9.0 -- (Intuit Inc.)
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe" = C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgrN10.exe:LocalSubNet:Enabled:Database manager for QBPOS 9.0 -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgr10.exe" = C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBDBMgr10.exe:LocalSubNet:Enabled:Database manager for QBPOS 9.0 -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\QuickBooks 2012\QBDBMgrN.exe" = C:\Program Files\QuickBooks 2012\QBDBMgrN.exe:*:Enabled:QuickBooks 2012 Data Manager -- (Intuit, Inc.)
"C:\Program Files\OmniPage18\OmniPage18.exe" = C:\Program Files\OmniPage18\OmniPage18.exe:*:Enabled:Nuance OmniPage 18 Application -- (Nuance Communications, Inc.)
"C:\Program Files\OmniPage18\PPMV.exe" = C:\Program Files\OmniPage18\PPMV.exe:*:Enabled:Nuance Activation -- (Nuance Communications, Inc.)
"C:\Program Files\OmniPage18\Ereg\Ereg.exe" = C:\Program Files\OmniPage18\Ereg\Ereg.exe:*:Enabled:Nuance Electronic Registration -- (Nuance Communications, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Dnload\solutoinstaller-_wGf57ZsCa4g.exe" = C:\Dnload\solutoinstaller-_wGf57ZsCa4g.exe:*:Enabled:SolutoInstaller -- (Soluto Inc)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe" = C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe:LocalSubNet:Enabled:Intuit Entitlement Service v6.0 -- (Intuit, Inc.)
"C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe" = C:\Program Files\DirecTV\DirecTV\DIRECTV2PC™.exe:*:Enabled:DIRECTV2PC™ -- (DIRECTV Corp.)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\Gary\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Gary\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\UltraVNC_1.0.9.6.2\vncviewer.exe" = C:\Program Files\UltraVNC_1.0.9.6.2\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\RPM\RpmSrv.exe" = C:\Program Files\RPM\RpmSrv.exe:*:Enabled:RPM Remote Print Manager -- (Brooks Internet Software, Inc.)
"C:\Dnload\SpywareRemovers\Soluto 1.3.1122.0solutoinstaller.exe" = C:\Dnload\SpywareRemovers\Soluto 1.3.1122.0solutoinstaller.exe:*:Enabled:SolutoInstaller -- (Soluto Inc)
"C:\Program Files\Soluto\SolutoCleanup.exe" = C:\Program Files\Soluto\SolutoCleanup.exe:*:Enabled:Soluto Cleanup -- (Soluto)
"C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)
"C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)
"C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)
"C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\UltraVNC_1.1.8\vncviewer.exe" = C:\Program Files\UltraVNC_1.1.8\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6
"_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = Corel WinDVD Pro 11
"{{59CC9AFB-B09E-4EAB-9254-58F40C3C3B42}}" = HP LaserJet Enterprise 600 M601, M602 & M603 printer series
"{}_is1" = Ares 3.1.5.3033
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04EB530D-EFBE-4624-BC83-611E557B9F03}" = STM TPM Driver 1.0.4.15 - 32 bits
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{069793F3-E123-47B9-88DB-5DE76FF32ADB}" = WordPerfect Office X6 - Quattro Pro Files
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086026D0-B765-4C19-8654-43D0E110F5E5}" = VersaCheck Platinum 2010
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09D0C408-70CE-4740-9DC0-C5AD931350EA}" = MyLanViewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}" = FreeUndelete 2.1.36867.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}" = WordPerfect Office X6 - WT
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F940225-6B4F-4CD6-BC82-9D317E6FB875}" = UEStudio v6.60
"{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}" = WordPerfect Office X6 - Quattro Pro Files English
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{12D6B000-AF62-481C-8F6A-A000C8408A11}" = Microsoft Tool Web Package : XCACLS.EXE
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19E22296-D4A5-4C71-9BBD-597A3CBAB9A8}" = QB Desktop Repair Utility
"{1B69C960-0ACF-4CC4-B17A-782C7C06CCEA}" = Lantronix CPR 4.3.0.1 (x86)
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = WordPerfect Office IFilter 32-bit
"{1E772CEC-0B8C-4FCC-8D5D-8FB0F40882C8}" = NetBIOS Browsing Console
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{1F9EB8D8-D9EA-4F94-8272-614B9EF1A00B}" = Device Manager
"{1FAF4E00-1546-4EE2-AC15-2B355311D847}" = reVue
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{22AEBB42-0993-11D4-B43D-00A0C9E3CFC3}_is1" = RPM Select 5.0.70.3
"{230100D9-27B4-49A3-A30F-D44B51EF56AA}" = WordPerfect Office X6 - IPM
"{242365CD-80F2-11D2-989A-00C04F7978A9}" = Windows 2000 Support Tools
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{26D6D2A4-F08A-4212-86E7-7F1F75033610}" = WordPerfect Office X6 - Setup Files
"{29A5CB55-3657-412D-A56A-6AE557AC686D}" = SyncSquare
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{29D3773E-54F4-23C2-D523-236A4453B845}_is1" = FileAlyzer 2
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012
"{2E5C5BC1-9285-45DA-8885-29AFEA541C52}" = Setup
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{30D81BE6-916F-4B57-9EB5-87C1868D9489}" = SciTE Text Editor
"{30EFFF0C-573D-46FB-8AD5-20040829261A}" = Auth Diagnostics 1.0 (x86)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{315FE707-7A15-4B1B-8C5A-955428AAA01D}" = WordPerfect Office X6 - Common Files
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" = Leawo Video Converter version 5.2.0.1
"{349CCD80-9501-11D5-9DDE-0050049AEDF1}" = ReplayTV Photo Transfer 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{36820BCA-FC55-452E-9085-6E6F1F55508D}" = VIMICRO USB2.0 PC Camera (VC0323)
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D6A9515-F1B3-4581-BB37-65CD7328BF99}" = PCmover Professional
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.82
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4218F0E1-CBAF-4D68-B6FE-B3504770829F}" = AutoStreamer
"{4255CB85-BD13-48F4-B19F-CEE148C25814}" = TortoiseSVN 1.7.11.23600 (32 bit)
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{440F51A9-8CA3-41D7-AFD5-F47820895949}" = WordPerfect Office X6 - Lightning Files
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}" = tsWebEditor 2x
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49D9EC38-D9F2-45EB-B0D2-BC0A16D10CF6}" = Intel® PROSet/Wireless WiFi Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{52098B97-6309-43F4-9C16-1A7524FE9AFA}" = Microsoft Group Policy Management Console with SP1
"{5248DF85-F55D-4F84-A08F-3B323DB036B8}" = ThinkVantage Fingerprint Software
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54BED071-DC6A-4968-9ADD-A59229EA4722}" = Mobile Net Switch
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{560C6F9C-8D5E-4EAF-B408-98850E5DF49C}" = Nuance OmniPage 18
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5849AFE4-802B-4C4D-A79F-F988C2BB7A7F}" = Corel WinDVD
"{58D97B2A-2C1E-4828-8747-09E791B30A64}" = Scanner Utility for Microsoft Windows V10L21
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5F63FCC9-6D5B-4604-A3E0-545005B157AC}" = HomeSeer 2.1
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{6015BBBE-1CF7-414B-B910-379A1DE4B475}" = CT-S310 x32 v1581
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = Active@ UNDELETE
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MergeModules
"{70C4E840-DAB4-11DF-5F90-014727066952}" = CommView
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
"{74916048-E806-4840-A92E-BAE10CBC7353}" = SecureZIP for Windows 12.10.0011
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7AD55FAD-1247-462B-8BA4-31550728E7D4}" = XMLValidator4UE
"{7ADFB43D-DA70-44AB-877A-4A4CAE63F706}" = IBM High Rate Wireless LAN MiniPCI Card
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7E9BFFEE-F30A-4151-84F9-6D1652E97608}" = EZPrint 400
"{80D9FFC9-40D4-4D79-90A9-18C3B3373267}" = Acom Solutions File Transfer Utility
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}" = WordPerfect Office X6 - System Files
"{82A34D1B-A36C-4B53-BFC8-2F3FDB32CFD9}" = IPM
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{853D931D-43CF-4E4B-B018-E003A7F6EDE1}" = QuickBooks Point of Sale 9.0
"{8679D366-D73F-4303-92F7-853B13C1F424}" = Microangelo On Display
"{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}" = WordPerfect Office X6 - Presentations Files English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87BB4097-8385-4DF9-8350-74EA7F3D696E}" = update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{88E7FC62-7948-4262-93E2-1D0B1E992C84}" = PowerAlert Network Management Software
"{890EB1AC-E88D-4E74-B0B6-66A0FF05C929}" = Remark Office OMR 7.0.3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8959569B-D9BA-43A9-972A-D509EE7D4BA9}" = WordPerfect Office X6 - Oxford
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C4592C6-29CC-11D5-95C7-0004ACFE3ABF}" = IBM ThinkPad Access Support
"{8C9DCE36-A270-4740-8084-A27B48C2F83E}" = MX-850 Editor
"{8D1AA5F7-CF6B-40F1-A783-2E19E384E1B0}" = Microsoft Tool Web Package:Diruse.exe
"{8EFD2704-C390-4C2D-8D94-E28B707FF691}" = Soluto
"{8F3F769D-E9C4-42E5-9B35-82DDCE0790C1}" = Virtual Serial Ports Emulator
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95392E65-0900-0001-3030-1EEC2624019E}" = InterVideo Promotion Agent
"{98FE7A01-F441-46A6-BCDF-097FC2DCDB98}" = UltraVnc
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}" = ICA
"{9A9ED54A-0FAB-4D34-A3B9-F6C659E1F898}" = CopyProfile
"{9B58AA53-6EB9-405E-AB6B-6B83C16235F1}" = American Greetings CreataCard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = EnGenius 11n USB Wireless LAN Driver and Utility
"{9E87B846-1F6A-49D0-9216-3135A654403E}" = iDo Wedding Couple Edition
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F2FBE99-AD71-4E0C-ACB1-2B681A5D83BF}_is1" = LookDisk version 5.5
"{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1" = MPEG Video Wizard DVD 5.0.0.109 (08/2010)
"{A0A9B9F5-541F-4F41-9F45-91E855D61FBE}" = TV Translator Configuration Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35F88E5-A813-400C-AB99-09F5F5CDD2EC}" = PTDD Partition Table Doctor 3.5
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1" = Pegasus Mail HTML Renderer 2.4.7.2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2011 Home Edition
"{AC2B5E76-1D1C-4A62-87C2-82AA8925CFC8}_is1" = MiniTool Partition Wizard Professional Edition 7.1
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.86
"{B0816C25-1B71-4276-A1AB-72116652906C}" = Codec Install
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
"{B27CF766-C0B4-4591-9E7C-832CD1CE7466}" = Redirector
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.35
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.35
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access ThinkPad
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB6F2DF7-EB91-4FFE-844E-174A25C655CE}" = Image Rescue
"{BCD2FF98-7DF2-4FE2-B7E3-9593C5D66A4E}_is1" = Iconoid version 3.8.6
"{BD4C5764-0DAF-4721-AF6E-6E556EA6E60A}" = ScanTool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2924E73-F1A6-47D6-8630-7CC210197B07}" = WordPerfect Office X6
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.42
"{C4D92146-95DE-415A-99CC-51FBFF7C10CF}" = WordPerfect Office X6 - Lightning Files English
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FIRE GL driver for 3D Studio MAX/VIZ
"{C71067FC-288F-4E0B-88C6-44DFDA8311E2}" = System Requirements Lab for Intel
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C9601EF7-606D-4873-94BD-8B149D5D1666}" = Mobile Net Switch
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.0.7.7076
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC148AD3-E83E-4408-9461-ADB336D60B2B}" = Remark Office OMR 8.4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC7CBA47-302D-4677-A2D0-2597364F68BE}" = BillSerialAnalyser
"{CCADD122-70A5-47A6-8722-1BD5267B85F5}" = WordPerfect Office X6 - WordPerfect Files
"{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}" = WordPerfect Office X6 - WordPerfect Files English
"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0A8011B-9697-4EC5-A2FB-9750D4508FC2}" = Access IBM and Access ThinkPad Customization Tool 3.5
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1F90B49-0660-4F8B-9671-113FFF304C00}" = AsaLogViewer
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D8803C57-E348-11D1-B2B4-00805F367152}" = Hand Held Products Visual Menu
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{DB8604B1-E716-4825-9CE4-D04505FF19CA}" = Macrium Reflect Free Edition
"{DC1D37EC-34AA-42C5-AFA9-C3CA98952D76}" = Diagnostic Tool for the Microsoft VM
"{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
"{E1AF3785-AA77-471E-ABC5-4C2B459B877A}" = WordPerfect Office X6 - Common Files English
"{E268ADBD-A002-4684-AEDF-EA0F83F7E00B}" = WOL Magic Packet Sender
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E8DA0DB7-51C7-4D47-A9FC-51F206ED0045}" = MapSource - City Select North America v7
"{E925148C-4B26-41A5-A323-4BCC877E871E}" = Indecka Software Currency Converter
"{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}" = WordPerfect Office X6 - Presentations Files
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.4.1.0
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EEF130E5-FC17-4EA8-8796-2F422AC7D7D8}" = NMapWin
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel® PROSet
"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
"{EF96C08B-0734-4320-80C9-022E807C4596}" = Remark Office OMR 7.0.3 HotFix
"{EFE4D343-324E-4402-A5F9-46139CB87CC1}" = PromiScan ver.3.0
"{F08E87FD-F62B-4BAC-A2D6-A94755653F30}" = WebDrive
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4CCAADE-11E7-4ADB-8A9F-4C4CD82F9FC0}" = ezCheckPrintingBiz
"{F62C8188-DA37-41C5-A565-2056F33A3FFB}_is1" = UltraVNC v1.0
"{F665C0D9-D110-4E21-A073-952057C7ADB1}" = PTDD Super Fdisk 1.0
"{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}" = FUJITSU Scanner USB HotFix
"{F85902DB-38E0-4360-A5A2-9CD66EDDECBA}_is1" = WebCopier Pro 5.0
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{FA169886-39E7-4E82-8A4B-7BFF831E702B}" = FLScan
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FBD6E8F5-2D14-40A8-BFD6-275DBC3688BB}" = AutoIt Debugger GUI
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"7-Zip" = 7-Zip 9.22beta
"A2E63BDAC649E514867CB43CE0B4F9DB111206C2" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"AboutTime_is1" = AboutTime
"Active Ports" = Active Ports
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"Altap Salamander 2.52" = Altap Salamander 2.52
"Altap Salamander 2.54" = Altap Salamander 2.54
"American Airlines PocketFly (sm) Timetable_is1" = American Airlines PocketFly (sm) Timetable
"Android SDK Tools" = Android SDK Tools
"AnyTime Organizer" = AnyTime Organizer
"ATI Display Driver" = ATI Display Driver
"AutoIt Debugger" = AutoIt Debugger 0.45.1
"AutoItv3" = AutoIt v3.3.8.1
"AutoItv3beta" = AutoIt v3.3.9.4 (Beta)
"AVIcodec" = AVIcodec (remove only)
"BeeLineGPS" = BeeLineGPS
"Belarc Advisor" = Belarc Advisor 8.3
"BHODemon_is1" = BHODemon 2.0.0.23
"Bitdefender" = Bitdefender Antivirus Plus 2012
"BitTornado" = BitTornado 0.3.18
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCE SP Trial Version" = CCE SP Trial Version
"CCleaner" = CCleaner
"ClientAccessExpress" = IBM AS/400 Client Access Express for Windows
"ClipX" = ClipX
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Colasoft Capsa Professional_is1" = Colasoft Capsa Professional
"Corpscon for Windows" = Corpscon for Windows
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.20
"CSEHTMLVALIDATOR80_is1" = CSE HTML Validator Professional v8.04 Trial
"CyberTweak_is1" = CyberTweak Version 1.3 Final
"DAZzle" = DAZzle
"dBpowerAMP Windows Media Audio 9 Codec" = dBpowerAMP Windows Media Audio 9 Codec
"Digital Media Converter_is1" = Digital Media Converter 2.72
"docXConverter3_is1" = docXConverter 3.1.3
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DSL Speed V7.1_is1" = DSL Speed V7.1
"DUMeter3_is1" = DU Meter
"DVD2SVCD Software Bundle_is1" = DVD2SVCD 1.2.3 Build 1
"DVDGenie" = DVD Genie (remove only)
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"EasyBCD" = EasyBCD 2.1.2
"ERUNT_is1" = ERUNT 1.1j
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.3.926
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"Excursion 9.5" = Excursion 9.5
"EZWebCon" = EZWebCon
"EZWebCon V1.1/6" = EZWebCon V1.1/6
"File Audit_is1" = File Audit Version 1
"File Recover_is1" = File Recover 7.5
"filehippo.com" = FileHippo.com Update Checker
"FlashGet" = FlashGet 1.9.6.1073
"FlashGet(JetCar)" = FlashGet(JetCar)
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Phantom" = Foxit Phantom
"Foxit Reader_is1" = Foxit Reader
"FreePOPs" = NSIS FreePOPs (remove only)
"FTD2XX" = FTDI FTD2XX USB Drivers
"FTDICOMM" = FTDI USB Serial Converter Drivers
"GSAK" = GSAK 6.5.2 Build 16
"GSAK_is1" = GSAK 7.7.1.34 (Final)
"GSmartControl" = GSmartControl
"GTK2-Runtime" = GTK2-Runtime
"Hardware sensors monitor 4.4_is1" = Hardware sensors monitor 4.4
"Hardware sensors monitor 4.5_is1" = Hardware sensors monitor 4.5
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HotFax MessageCenter" = HotFax MessageCenter
"HotKeyBind_is1" = HotKeyBind 1.2
"HotKeyz_is1" = HotKeyz 2.8.3
"HP LaserJet 9000 Uninstaller" = HP LaserJet 8150 Uninstaller
"IconSaver" = IconSaver
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InCtrl5" = InCtrl5
"InfoRapid Search & Replace" = InfoRapid Search & Replace
"InstallShield_{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare
"InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}" = DIRECTV2PC Playback Advisor
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{7ADFB43D-DA70-44AB-877A-4A4CAE63F706}" = IBM High Rate Wireless LAN MiniPCI Card
"InstallShield_{890EB1AC-E88D-4E74-B0B6-66A0FF05C929}" = Remark Office OMR 7.0.3
"InstallShield_{CC148AD3-E83E-4408-9461-ADB336D60B2B}" = Remark Office OMR 8.4
"InstallShield_{E8DA0DB7-51C7-4D47-A9FC-51F206ED0045}" = MapSource - City Select North America v7
"InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}" = DIRECTV2PC™
"InstallShield_{EEF130E5-FC17-4EA8-8796-2F422AC7D7D8}" = NMapWin
"InstallShield_{EF96C08B-0734-4320-80C9-022E807C4596}" = Remark Office OMR 7.0.3 HotFix
"IrfanView" = IrfanView (remove only)
"JBidwatcher_0" = JBidwatcher 2
"JBidwatcher_1" = JBidwatcher 2.1.3
"JetBlue Electronic Timetable" = JetBlue Electronic Timetable
"Jetsoft Art-Copy 7.6 - Business" = Jetsoft Art-Copy 7.6 - Business
"jv16 PowerTools 2011" = jv16 PowerTools 2012
"Karen's WhoIs" = Karen's WhoIs
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.4 (Full)
"Legacy 7.5" = Legacy 7.5
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LookDisk" = LookDisk
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaInfo" = MediaInfo 0.7.7.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"MoffCalc2_is1" = Moffsoft Calculator 2
"Moonlight MPEG-2 Decoder Pack 2.1.4316" = Moonlight MPEG-2 Decoder Pack
"Moonlight MPEG-2 Encoder Std 3.2.1" = Moonlight MPEG-2 Encoder Std
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MPEG Video Wizard 2003" = MPEG Video Wizard 2003
"Mpeg Video Wizard DVD 5.0" = MPEG Video Wizard DVD 5.0.0.109 (08/2010)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"MyPorts_is1" = MyPorts - build 2.01.03 - If an older version of MyPorts is alr
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"NeoTrace Pro 3.25" = NeoTrace Pro 3.25
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NewsBin5" = NewsBin Pro V5
"NirSoft ShellExView" = NirSoft ShellExView
"nLite_is1" = nLite 1.4.9.1
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"N-View3.x" = Network Monitor N-View 3.x
"OnScreenDisplay" = On Screen Display
"OpenSSL Light (32-bit)_is1" = OpenSSL 1.0.1b Light (32-bit)
"Parse-O-Matic_is1" = POMPT 4.03.07
"PC Viewer" = PC Viewer 4CH ENG 2.6.9.0.1
"pdfFactory Pro" = pdfFactory Pro
"pdfFactory Pro (3.x)" = pdfFactory Pro (3.x)
"PE Builder_is1" = PE Builder 3.1.10a
"Pegasus Mail" = Pegasus Mail
"PerfectCuts (Preview)_is1" = PerfectCuts 5.1.2 (Preview)
"PerfectCuts_is1" = PerfectCuts 5.1.2
"Port" = Port Detective
"PortInfo and the CTS Serial Port Utilities (Trial Version)" = PortInfo and the CTS Serial Port Utilities (Trial Version)
"Power Management Driver" = ThinkPad Power Management Driver
"PowerISO" = PowerISO
"PowerZip_is1" = PowerZip 7.21
"Privoxy" = Privoxy 3.0.6
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PROSet" = Intel® Network Connections Drivers
"Que - Americas Basemap" = Que - Americas Basemap
"Quick Info Version 1.8" = Quick Info Version 1.8
"Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RADVideo" = RAD Video Tools
"Remind-Me" = Remind-Me
"Repeat Dialer" = Repeat Dialer
"Sandboxie" = Sandboxie 3.76 (32-bit)
"Savings Bond Wizard" = Savings Bond Wizard
"SciTE4AutoIt3" = SciTE4AutoIt3 6/10/2012
"SEF4_is1" = SizeExplorer Free 4.1
"ShellExView" = ShellExView
"Shortcuts Map" = Shortcuts Map 2.3
"SmartDraw 7" = SmartDraw 7
"smartmontools" = smartmontools
"Software Informer_is1" = Software Informer 1.2
"Software Operation Panel" = Software Operation Panel
"SoundTaxi_is1" = SoundTaxi 4.1.5
"sp6" = Logitech SetPoint 6.51
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"Spell Catcher Plus" = Spell Catcher Plus 3.10.2a9 Build #2174
"SpyTheSpy_is1" = SpyTheSpy
"Startup Delayer" = Startup Delayer v3.0 (build 326)
"STMediaSuite" = SoundTaxi Media Suite 4.1.5
"stunnel" = stunnel
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"System Commander" = System Commander
"System Stability Tester" = System Stability Tester 0.9.0
"Talk" = Express Talk
"TamoSoft CommView 6" = TamoSoft CommView
"The JPEG Wizard2" = Pegasus Imaging Corp. "The JPEG Wizard2"
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"TheBook 4.1" = TheBook 4.1
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TJPingPro" = TJPingPro 1.2.1
"ToolBox" = NCH Toolbox
"ToolTipFixer" = ToolTipFixer 2.0
"Total Uninstall 6_is1" = Total Uninstall 6.2.2
"TrackPoint" = IBM TrackPoint Support
"Trillian" = Trillian
"TuneXP_1.5" = TuneXP 1.5
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"tvMobili" = tvMobili
"Ultr@Vnc SCWIZ (Wizard)" = Ultr@Vnc SCWIZ (Wizard)
"Ultravnc2_is1" = UltraVnc
"United EasySchedule for Pocket PC_is1" = United EasySchedule for Pocket PC
"Unknown Device Identifier_is1" = Unknown Device Identifier 8.00
"Unlocker" = Unlocker 1.9.1
"Unrestrict PDF" = Unrestrict PDF
"VideoPerformer" = VideoPerformer
"VLC media player" = VLC media player 1.1.11
"VMidi" = vanBasco's Karaoke Player
"vTuner Plus" = vTuner Plus
"VuePrint" = VuePrint
"VueScan" = VueScan
"WavePad" = WavePad Sound Editor
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WhoCrashed_is1" = WhoCrashed 2.10
"WildPackets EtherPeek NX 2.1 Demo" = WildPackets EtherPeek NX 2.1 Demo
"WindowFX" = WindowFX
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-3
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WinSnap" = WinSnap
"Wireshark" = Wireshark 1.8.4 (32-bit)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WOMic" = WO Mic Client
"WoodCalc Version 2.0" = WoodCalc Version 2.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoiper" = Zoiper
"ZoneLog Analyser_is1" = ZoneLog 1.19

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a894f106efa22a0b" = Code Compare - 1
"JoinMe" = join.me
"magicJack" = magicJack
"Puzzle Pirates" = Puzzle Pirates
"WinImage" = WinImage

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 1/28/2013 6:07:29 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description =

Error - 1/28/2013 6:07:29 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description = Printer VersaCheck Printer failed to initialize because a suitable
Apple Color LaserWriter 12/600 driver could not be found.

Error - 1/28/2013 6:15:45 PM | Computer Name = DOCFXITLT | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 1/28/2013 6:15:45 PM | Computer Name = DOCFXITLT | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 1/28/2013 6:16:05 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description = Printer \\ATU1277\OFFICEPRT failed to initialize because a suitable
HP LaserJet 4050 Series PCL6 driver could not be found.

Error - 1/28/2013 6:16:05 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description = Printer AnyTime PDF Creator failed to initialize because a suitable
Amyuni Document Converter 2.50 driver could not be found.

Error - 1/28/2013 6:16:05 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description = Printer Auto HP LaserJet 4050 Series on ATUUSER4 failed to initialize
because a suitable HP LaserJet 4050 Series PCL driver could not be found.

Error - 1/28/2013 6:16:05 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description = Printer Auto HP LaserJet 8150 Series on ATUUSER4 failed to initialize
because a suitable HP LaserJet 8150 Series PS driver could not be found.

Error - 1/28/2013 6:16:06 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description =

Error - 1/28/2013 6:16:06 PM | Computer Name = DOCFXITLT | Source = Print | ID = 23
Description = Printer VersaCheck Printer failed to initialize because a suitable
Apple Color LaserWriter 12/600 driver could not be found.


< End of report >

#10
docfxit

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 01/27/2013 16:09:03
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService ("C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe" /SERVICE) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D} : NameServer (66.51.205.100,66.51.206.100) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A} : NameServer (66.51.205.100,66.51.206.100) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D} : NameServer (66.51.205.100,66.51.206.100) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A} : NameServer (66.51.205.100,66.51.206.100) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7FB2)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B8A76)
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BB972)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BA1F2)
SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B9740)
SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BA8EA)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B8CCC)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B8D82)
SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B906A)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7922)
SSDT[66] : NtDeviceIoControlFile @ 0x80579268 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BAA5A)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BED3A)
SSDT[84] : NtFsControlFile @ 0x8057929C -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BAD12)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B8428)
SSDT[105] : NtMakeTemporaryObject @ 0x805BC5DC -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BB70E)
SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B9538)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BE792)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B8E3C)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BEA42)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7E36)
SSDT[180] : NtQueueApcThread @ 0x805D2756 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B8B9E)
SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BB55C)
SSDT[199] : NtRequestPort @ 0x805A2A52 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BA360)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B9CF4)
SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BB5E6)
SSDT[210] : NtSecureConnectPort @ 0x805A3D6C -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BA77A)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7A92)
SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BB4B6)
SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B8618)
SSDT[249] : NtShutdownSystem @ 0x80612FAE -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BB678)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7D0E)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7BE8)
SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B89A8)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BE68A)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BEF2C)
SSDT[262] : NtUnloadDriver @ 0x80584306 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42BB7A4)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B77A6)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B738E)
S_SSDT[322] : NtUserCallNoParam -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7596)
S_SSDT[323] : NtUserCallOneParam -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B74E8)
S_SSDT[347] : NtUserDdeSetQualityOfService -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B72F4)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7290)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B7122)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B70BE)
S_SSDT[460] : NtUserMessageCall -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B6DC8)
S_SSDT[475] : NtUserPostMessage -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B6BCE)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B6C4E)
S_SSDT[491] : NtUserRegisterRawInputDevices -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B6E50)
S_SSDT[502] : NtUserSendInput -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B6B7C)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B6252)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (\??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys @ 0xB42B66E0)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xB17EEAB9)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xB86B3C50)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

75.79.156.56 atu1277.com
75.79.6.149 theoffice.la


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 1cd29ca3d699ec0c136d62add7757f54
[BSP] d99343246a1bb87c7af2f8abfa32a72b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 205072 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419988240 | Size: 71849 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 567136256 | Size: 200017 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01272013_02d1609.txt >>
RKreport[1]_S_01272013_02d1609.txt

#11
docfxit

Thank you for helping resolve this issue.

I'm sorry I posted the wrong report. The only thing I can think of is that the last time this happened, in 2010, when I ran OTL, I'm guessing I didn't run the cleanup to remove the old files and reset it back to run 1.

I see a number of things that need cleaning up. I will not do it on my own, per your instructions. When you are ready for me to, I'd be happy to clean them up.

Thank you for your time.

Docfxit

#12
godawgs

Hello,

The aswMBR and TDSSKiller scans are clean. So I don't see anything wrong with the master boot record and TDSSKiller doesn't show any rootkit infection.

You have the following Peer-to-Peer program(s) installed:

BitTornado 0.3.18

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware, and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in red.


Step-1.

Optional Removals

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

BitTornado 0.3.18

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\BitTornado
C:\Documents and Settings\Gary\Application Data\.BitTornado


2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.micr...dd/clearadj.CAB (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us...nfo/webscan.cab (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0404.dll
[2012/12/05 08:28:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0404.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0C0A.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0410.dll
[2012/12/05 08:28:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\filx4ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0409.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0407.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0C0A.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0419.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0416.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0410.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex040C.dll
[2012/12/05 08:28:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0407.dll
[2012/12/05 08:28:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0411.dll
[2012/12/05 08:28:44 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0419.dll
[2012/12/05 08:28:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0804.dll
[2012/12/05 08:28:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0409.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0412.dll
[2012/12/05 08:28:44 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0411.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\filx4ex0804.dll
[2012/12/05 08:28:44 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\fi6110ex0412.dll
[2012/06/13 10:13:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\DDF800369E.sys
[2012/04/27 16:46:01 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\F96E50C605.sys
[2012/04/24 16:51:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0DF62F3DE1.sys
[2012/04/20 21:05:05 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9D3D1C15A6.sys
[2011/12/17 09:15:18 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0782A18B0A.sys
[2011/09/25 13:17:39 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A4DABE9A09.sys
[2011/08/31 08:31:08 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\587E447A25.sys
[2011/08/26 08:54:51 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\51B05C58E0.sys
[2011/08/23 21:38:41 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1617EC5C27.sys
[2011/08/22 08:46:49 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\215AFABA7D.sys
[2011/08/15 11:31:05 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B21765FADC.sys
[2011/06/16 06:14:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D09F512B2C.sys
[2010/11/12 21:24:48 | 000,003,140 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/12 21:24:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\ECB69BB7BF.sys
[2012/10/29 07:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A303874F
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

:FILES
ipconfig /flushdns /c

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = DWORD:0

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Virustotal File Upload:

We need to have some files scanned.

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Program Files\RemindMe\RemindMe.exE
    C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe
    C:\Program Files\Photo Album 6.7z
    C:\WINDOWS\System32\smfaxmon.dll
    C:\WINDOWS\is-PPJSS.exe
    C:\Documents and Settings\Gary\abbrev.properties
    C:\Documents and Settings\Gary\au3UserAbbrev.properties
    C:\WINDOWS\90C7D912BE2316.sys
    C:\Documents and Settings\Gary\.deskmetrics
    C:\Program Files\Logger Pro 3

  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply.
  • Repeat 1 thru 6 for each file listed.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
3. The VirusTotal results or links
4. How is the computer running now?

#13
docfxit

All processes killed
========== COMMANDS ==========
Error creating restore point.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {43E3F87D-DE7F-4087-BD4F-0DC854981158}
C:\WINDOWS\Downloaded Program Files\ClearAdjust2.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ not found.
Starting removal of ActiveX control {44990301-3C9D-426D-81DF-AAB636FA4345}
C:\WINDOWS\Downloaded Program Files\tgctlsr.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Starting removal of ActiveX control {7B297BFD-85E4-4092-B2AF-16A91B2EA103}
C:\WINDOWS\Downloaded Program Files\webscan.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B297BFD-85E4-4092-B2AF-16A91B2EA103}\ not found.
Starting removal of ActiveX control {DE22A7AB-A739-4C58-AD52-21F9CD6306B7}
C:\WINDOWS\Downloaded Program Files\clearadj.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled\ deleted successfully.
File Protocol\Handler\AutorunsDisabled - No CLSID value found not found.
C:\WINDOWS\system32\filx4ex0404.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0404.dll moved successfully.
C:\WINDOWS\system32\filx4ex0C0A.dll moved successfully.
C:\WINDOWS\system32\filx4ex0410.dll moved successfully.
C:\WINDOWS\system32\filx4ex040C.dll moved successfully.
C:\WINDOWS\system32\filx4ex0416.dll moved successfully.
C:\WINDOWS\system32\filx4ex0409.dll moved successfully.
C:\WINDOWS\system32\filx4ex0407.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0C0A.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0419.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0416.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0410.dll moved successfully.
C:\WINDOWS\system32\fi6110ex040C.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0407.dll moved successfully.
C:\WINDOWS\system32\filx4ex0411.dll moved successfully.
C:\WINDOWS\system32\filx4ex0419.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0804.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0409.dll moved successfully.
C:\WINDOWS\system32\filx4ex0412.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0411.dll moved successfully.
C:\WINDOWS\system32\filx4ex0804.dll moved successfully.
C:\WINDOWS\system32\fi6110ex0412.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\DDF800369E.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\F96E50C605.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\0DF62F3DE1.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\9D3D1C15A6.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\0782A18B0A.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\A4DABE9A09.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\587E447A25.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\51B05C58E0.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\1617EC5C27.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\215AFABA7D.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\B21765FADC.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\D09F512B2C.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\ECB69BB7BF.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A303874F deleted successfully.
ADS C:\WINDOWS\system32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD} deleted successfully.
ADS C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\cmd.bat deleted successfully.
C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\"DisableSR" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr\\"Start" | DWORD:0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1048576 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5606132 bytes
->Flash cache emptied: 1465 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: ASPNET
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Gary
->Temp folder emptied: 175675 bytes
->Temporary Internet Files folder emptied: 1203812 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100614613 bytes
->Flash cache emptied: 57719 bytes

User: GaryT
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 1279 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: QBPOSDBSrvUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: scans
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 344511 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 66016 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 68494824 bytes

Total Files Cleaned = 170.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01302013_090943

Files\Folders moved on Reboot...
C:\Documents and Settings\Gary\Local Settings\Temp\WCESLog.log moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14
docfxit

OTL logfile created on: 1/30/2013 9:20:43 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 50.49% Memory free
3.77 Gb Paging File | 2.75 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.21 Gb Free Space | 61.02% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 15:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe
PRC - [2013/01/10 11:08:58 | 001,229,296 | ---- | M] (Soluto) -- c:\Program Files\Soluto\Soluto.exe
PRC - [2013/01/09 04:10:54 | 006,326,272 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2012/12/16 03:25:20 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/12/12 20:30:26 | 000,278,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/12/12 08:42:50 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/11/04 09:43:30 | 001,851,192 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2012/09/30 23:23:54 | 000,150,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/07/26 16:57:52 | 000,489,248 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe
PRC - [2012/06/10 23:25:32 | 003,061,376 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2012/04/29 10:40:50 | 000,713,584 | ---- | M] (Beiley Software Inc.) -- C:\Program Files\RemindMe\RemindMe.exE
PRC - [2012/03/28 11:54:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/28 10:36:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/04/04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) -- C:\Program Files\RPM\RpmSrv.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/03 11:23:29 | 001,037,216 | ---- | M] (Rainmaker Research, Inc.) -- C:\Program Files\Spell Catcher Plus\Spell Catcher.exe
PRC - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/08/03 12:49:34 | 000,036,864 | ---- | M] (Individual Software, Inc.) -- C:\Program Files\AnyTime Deluxe\AtDem.exe
PRC - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
PRC - [2004/10/12 12:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
PRC - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/28 21:33:14 | 000,214,016 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINDOWS\system32\AEIWLSTA.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/25 22:30:50 | 000,706,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\7113d7b0d1ab8e22518f1eee04bd79dc\SolutoCleanup.ni.dll
MOD - [2013/01/25 22:30:49 | 000,681,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\a510bee3c1e6633374c7e0457a9c2afb\PCGDataAggregation.ni.dll
MOD - [2013/01/25 22:30:47 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\5900fea26dfbf076656a76a6ec415ceb\PCGBootVisualizingCore.ni.dll
MOD - [2013/01/25 22:30:46 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\7b20a2b2de746f4c0a34427668eb3379\Interop.NetFwTypeLib.ni.dll
MOD - [2013/01/25 22:30:45 | 000,295,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\324504aa08dd894d6fcbc1288b2abc65\PCGCatalogItemFootprint.ni.dll
MOD - [2013/01/25 22:30:44 | 000,732,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\d1c3fff5ca7b6984f2813356395b9460\PCGBrowsersProbe.ni.dll
MOD - [2013/01/25 22:30:43 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\b7ffb1db04e5c25f69195285145102b3\PCGSAProbe.ni.dll
MOD - [2013/01/25 22:30:42 | 000,087,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\f5c8bdcc4b6d1bcb4854c677d75b1dbf\PCGCatalogItemCache.ni.dll
MOD - [2013/01/25 22:30:42 | 000,041,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\25b4b05f3611cb0f83ee288e91a888b5\PCGEntities.ni.dll
MOD - [2013/01/25 22:30:41 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\f407b1a910fedc713a6b844835b90900\PCGClientCommunication.ni.dll
MOD - [2013/01/25 22:30:39 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\00776f9637ef2b01424c9ae44af55a43\PCGUpgrader.ni.dll
MOD - [2013/01/25 22:30:39 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\5d0f966d27eb030ad1144bf7313165b1\SolutoUpdateService.ni.dll
MOD - [2013/01/25 22:30:38 | 002,044,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\49aed0293596cb41b3b9383c3bf54548\SolutoService.ni.exe
MOD - [2013/01/25 22:30:28 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\ec81ad124f2887749a29bf67d72e47c1\PCGPostBootResources.ni.dll
MOD - [2013/01/25 22:30:28 | 000,052,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\ea6ef3d32d5e28268377ff81fed27395\PCGHIDProbe.ni.dll
MOD - [2013/01/25 22:30:27 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\32937b6110f36171106fc3a9bc4b397e\Community.CsharpSqlite.ni.dll
MOD - [2013/01/25 22:30:27 | 000,039,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\1ff918080005699a4427ae446d120182\PCGRSPProbe.ni.dll
MOD - [2013/01/25 22:30:25 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\35c49945a5328be7e77060795d7ba080\PCGWuInfo.ni.dll
MOD - [2013/01/25 22:30:25 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\9e0ee4ac48824decaf0cd3ac91bcf8dc\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2013/01/25 22:30:25 | 000,055,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\a178291dc42211f27ccb0269049e2bcb\PCGUsersCenter.ni.dll
MOD - [2013/01/25 22:30:23 | 000,156,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\83169f5e6f353146ec154409dd7d6790\PCGAppControlPluginLoader.ni.dll
MOD - [2013/01/25 22:30:21 | 003,509,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\9ab766011f90c5409cf010140f869f37\PCGClientCommon.ni.dll
MOD - [2013/01/25 22:30:18 | 000,157,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\d3d76007ccd5a9a77c9669a66d6a58ab\PCGBootVisualizingCommon.ni.dll
MOD - [2013/01/25 22:30:17 | 000,222,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ae4cd0b5747ac822681efb22bda4bb79\PCGDriverProbe.ni.dll
MOD - [2013/01/25 22:30:15 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\391d5b3caf3cf0c71211ea165940949f\PCGConfiguration.ni.dll
MOD - [2013/01/25 22:30:14 | 002,617,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\68fa02e189ba72c91b4a13ffcf8fbab9\PCGDatabase.ni.dll
MOD - [2013/01/25 22:30:14 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\90d790910714eac292348c0c844d8a74\System.Data.SqlServerCe.ni.dll
MOD - [2013/01/25 22:30:11 | 001,538,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\d0055ecdbb5ca8e75ddb4926d14f7a84\PCGAzureShared.ni.dll
MOD - [2013/01/25 22:30:11 | 000,048,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\fbd0db0b6165668a622cc8c38e904144\PCGAzureEntityFramework.ni.dll
MOD - [2013/01/25 22:30:10 | 001,196,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\c19bb8498c051b00555763e3a38d56bc\PCGCommunication.ni.dll
MOD - [2013/01/25 22:30:08 | 001,707,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\fdbcaf85353f2c586634f7b575893baa\PCGPreCompiled.ni.dll
MOD - [2013/01/25 22:29:48 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\5e6ee9397825b25e4543c094f400c859\Ionic.Zip.Reduced.ni.dll
MOD - [2013/01/25 22:29:48 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\d6afbc7f7cba70db9b20564440f44622\PCGPrestoSerializer.ni.dll
MOD - [2013/01/25 22:29:46 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll
MOD - [2013/01/25 22:29:45 | 002,128,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\7071c2f7ad720d29b2a539184a94fc12\Newtonsoft.Json.Net35.ni.dll
MOD - [2013/01/25 22:29:44 | 002,727,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\6af740b77febde5f102725c19f6cc107\PCGFramework.ni.dll
MOD - [2013/01/25 22:29:40 | 001,620,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\3523ca400bc7eef91481b1577d3cbf6c\Soluto.ni.exe
MOD - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2013/01/10 10:33:28 | 000,077,880 | ---- | M] () -- c:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2012/12/12 20:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/12/12 08:42:56 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/12/12 08:42:36 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/11/27 09:09:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:09:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1fa3f0a76f2fa2d3a6cfaf9031bc1dfb\System.Runtime.Remoting.ni.dll
MOD - [2012/11/27 09:09:41 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:09:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/27 09:09:04 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:08:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/27 09:08:42 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/27 09:08:34 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:08:34 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:08:29 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9bc09040ded0b8de5514235bf9b24888\System.Data.Services.Client.ni.dll
MOD - [2012/11/27 09:07:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/11/27 09:07:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/27 09:07:33 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/27 09:07:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:05:34 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fc7ad881f823df3fc1ee95e7f19d7ae\System.Data.Linq.ni.dll
MOD - [2012/11/27 09:05:31 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/27 09:05:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/27 09:05:09 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:05:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:38 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/27 09:04:36 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:04:29 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/27 09:04:25 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/27 09:04:24 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/27 09:04:10 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/27 09:04:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/27 09:02:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 09:02:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 09:02:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:02:05 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 09:01:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/27 09:01:01 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/27 09:00:51 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:00:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/18 17:47:09 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
MOD - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
MOD - [2010/06/07 06:26:46 | 000,101,376 | ---- | M] () -- C:\Program Files\Stunnel\zlib1.dll
MOD - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
MOD - [2009/01/14 10:29:18 | 000,010,752 | ---- | M] () -- C:\Program Files\RPM\udf\fbudf.dll
MOD - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2005/10/28 19:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
MOD - [2004/02/27 11:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
MOD - [2004/01/12 04:58:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\IconSaver.cpl
MOD - [2003/10/19 06:12:58 | 000,061,440 | ---- | M] () -- C:\Program Files\IconSaver\IconSaverLib.dll
MOD - [2003/10/19 04:11:40 | 000,094,208 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver Editor.dll
MOD - [2003/07/03 22:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013/01/10 10:33:28 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/11/23 21:54:04 | 002,033,400 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Program Files\ultravnc\winvnc.exe -- (uvnc_service)
SRV - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/30 23:22:06 | 000,295,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/05/02 13:17:28 | 000,059,488 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe -- (Remark FTP Utility)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/23 07:20:24 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SMServer)
SRV - [2010/12/23 05:03:32 | 000,385,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/04 12:33:40 | 002,735,992 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV9)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Stunnel\stunnel.exe -- (stunnel)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/24 03:13:24 | 001,313,368 | ---- | M] (South River Technologies, LLC) [Disabled | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/09/04 15:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/04/20 13:17:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) [Auto | Running] -- C:\Program Files\RPM\RpmSrv.exe -- (rpm)
SRV - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\MNSFramework.exe -- (MNSFramework)
SRV - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2007/03/21 10:57:56 | 000,516,096 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2001/05/08 04:10:00 | 000,053,248 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\timntr.sys -- (timounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swvnic.sys -- (SWVNIC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/12/16 03:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/12/12 08:42:55 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/12/12 08:42:46 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 08:41:35 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/11/05 08:06:55 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/24 07:57:16 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/24 07:57:12 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/09/18 01:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 01:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 01:32:56 | 000,043,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/09/10 22:50:22 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/08/23 23:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/26 01:26:40 | 000,051,712 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\womic.sys -- (wovad_micarray)
DRV - [2012/06/01 09:09:28 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/05/17 08:14:29 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2012/03/12 12:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2012/01/18 14:56:16 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 14:56:14 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/26 09:45:27 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/10/03 08:15:22 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/13 06:16:56 | 000,141,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CprDrvr.sys -- (CprDrvr)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/13 10:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/23 12:43:12 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/25 13:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/10/20 01:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 08:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/04/21 12:16:46 | 000,025,704 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ts_lb.sys -- (ts_lb)
DRV - [2010/04/01 11:33:08 | 000,019,560 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2010/02/24 13:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/24 03:13:20 | 000,201,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 09:48:00 | 000,027,519 | ---- | M] (Billionton Corporation Reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBKR100.SYS -- (USB-100)
DRV - [2009/10/26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 18:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 00:40:26 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdm.sys -- (ssecmdm)
DRV - [2009/09/08 00:40:26 | 000,086,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecbus.sys -- (ssecbus)
DRV - [2009/09/08 00:40:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV - [2009/07/06 10:09:06 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/30 10:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 10:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 10:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/22 10:46:42 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009/05/11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/02/12 13:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/17 15:57:14 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp)
DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/23 03:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 13:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006/12/25 14:32:52 | 000,049,489 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/02 00:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 00:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/08 11:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/06/09 04:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/05/18 08:49:00 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/03 00:14:18 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2005/03/03 00:14:04 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/08/24 14:16:54 | 000,003,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMDRV.SYS -- (SMDRV)
DRV - [2002/05/02 11:52:22 | 000,018,189 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - [2002/05/02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/01/23 07:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn)
DRV - [2002/01/15 12:04:06 | 001,088,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/12/28 21:10:16 | 000,050,688 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [1999/12/31 16:00:00 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {959E4F84-B960-417C-8415-C7A0737817BC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C3-50E2DD51DD08
IE - HKCU\..\SearchScopes\{959E4F84-B960-417C-8415-C7A0737817BC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: fireform%40mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: isitcompatible%40eternicode.com:0.5.3
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.0
FF - prefs.js..extensions.enabledAddons: flatbm%40xuldev.org:1.8.1
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Firefox\components [2013/01/25 21:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012/06/17 10:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/10/29 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2013/01/18 17:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions
[2013/01/18 17:03:52 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,085,264 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,040,533 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,015,789 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,006,744 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,163,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\searchplugins\askcom.xml

O1 HOSTS File: ([2012/12/31 16:00:02 | 000,000,162 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 75.79.156.56 atu1277.com
O1 - Hosts: 75.79.6.149 theoffice.la
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [atr.exe] File not found
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [IconSaver] C:\Program Files\IconSaver\IconSaver.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe (Individual Software, Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Programs Now (Hidden).lnk = C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk = C:\Program Files\SpyTheSpy\SpyTheSpy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: endicia.com ([www.postage] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ibm.com ([icm1.teleweb.ca] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([chat.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([expertslive] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto1.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto2.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340638911625 (WUWebControl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.mi...b?1340638867765 (MUWebControl Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2002/07/24 08:55:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 16:37:41 | 000,001,094 | ---- | M] () - C:\AUTOEXEC2.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 09:09:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/27 15:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
[2013/01/26 22:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\TortoiseSVN
[2013/01/26 22:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\TSVNCache
[2013/01/26 22:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2013/01/26 22:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TortoiseSVN
[2013/01/26 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2013/01/26 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2013/01/26 14:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC_1.1.8
[2013/01/26 08:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime Alternative
[2013/01/26 08:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/01/26 08:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013/01/26 08:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\Logishrd
[2013/01/26 08:20:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/25 23:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/25 23:11:49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/25 23:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/25 22:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2013/01/25 22:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/01/25 22:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2013/01/25 22:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2013/01/25 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/01/25 22:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Macrium
[2013/01/25 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/01/25 22:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/25 21:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2013/01/25 21:38:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary\Recent
[2013/01/22 08:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2013/01/22 08:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 08:36:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/21 10:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition
[2013/01/18 06:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/01/17 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpyTheSpy
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyTheSpy
[2013/01/10 15:07:24 | 000,013,432 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/08 10:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/02 15:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2013/01/02 15:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\NCH Software Suite
[2013/01/02 15:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2013/01/02 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\NCH Software
[2012/12/31 20:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\WO Mic Client
[2012/12/31 20:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\WOMic
[2006/09/15 11:08:34 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Gary\chatlnk.exe

========== Files - Modified Within 30 Days ==========

[2013/01/30 09:15:38 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/01/30 09:14:06 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/01/30 09:13:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 09:13:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/30 09:12:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/30 09:12:49 | 2067,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/30 09:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/28 14:16:49 | 002,555,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/27 15:22:50 | 000,002,992 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/01/26 19:48:29 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Gary\SciTE.session
[2013/01/25 23:17:20 | 000,000,089 | ---- | M] () -- C:\WINDOWS\Spell Catcher.INI
[2013/01/25 22:44:45 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2013/01/25 22:44:04 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:31:04 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 6.lnk
[2013/01/25 22:28:48 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/25 22:14:21 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/25 21:58:39 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/25 21:24:02 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/25 21:24:02 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/24 08:57:54 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/22 14:46:22 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Re-Start.lnk
[2013/01/22 08:36:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 09:51:38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/18 09:33:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/01/18 06:52:01 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 17:46:22 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/01/17 12:50:57 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 15:07:24 | 000,013,432 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/10 15:05:56 | 000,054,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys
[2013/01/03 17:55:18 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2013/01/02 15:47:54 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/31 16:00:02 | 000,000,162 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2013/01/26 08:02:53 | 001,492,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/25 22:44:04 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:44:04 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2013/01/25 22:36:32 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\Update Checker.lnk
[2013/01/25 22:02:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 22:02:25 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 21:58:39 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/22 20:23:19 | 2067,443,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/22 08:36:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 10:50:40 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition.lnk
[2013/01/18 06:52:01 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 12:50:57 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 16:16:37 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/10 15:05:56 | 000,054,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/09 12:46:38 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/08 10:10:42 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #2.lnk
[2013/01/08 10:10:33 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #3.lnk
[2013/01/08 10:10:30 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #4.lnk
[2013/01/08 10:10:27 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #5.lnk
[2013/01/02 15:44:34 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2013/01/02 15:44:34 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
[2012/12/31 20:23:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\WO Mic Client.lnk
[2012/12/23 18:40:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\PUTTY.RND
[2012/12/23 14:36:31 | 000,002,159 | ---- | C] () -- C:\WINDOWS\sshtunnel.ini
[2012/12/23 12:59:20 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\dkfzip32.DAT
[2012/12/17 09:35:33 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-133707808-2752991226-3942243025-1004-0.dat
[2012/12/03 22:15:35 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/11 10:56:44 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\recently-used.xbel
[2012/10/26 11:59:08 | 096,817,882 | ---- | C] () -- C:\Program Files\Photo Album 6.7z
[2012/10/11 19:54:03 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Gary\SciTEUser.properties
[2012/10/11 19:53:54 | 000,031,076 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.save.properties
[2012/10/10 13:56:38 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2012/09/24 13:54:58 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/09/24 07:21:03 | 000,197,659 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498655.bdinstall.bin
[2012/09/24 06:52:44 | 000,060,826 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1348498180.bdinstall.bin
[2012/08/18 11:53:19 | 001,292,288 | ---- | C] () -- C:\WINDOWS\is-PPJSS.exe
[2012/08/18 11:41:13 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PC Viewer 4CH ENG.INI
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Windows1569_SettingsRepository.bin
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012/08/01 13:58:19 | 002,784,754 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/07/31 09:58:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Gary\.deskmetrics
[2012/06/12 16:36:03 | 000,313,900 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1339543597.bdinstall.bin
[2012/06/12 15:49:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Gary\Application Datauser_gensett.xml
[2012/06/01 10:12:21 | 000,369,332 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338566755.bdinstall.bin
[2012/06/01 07:04:50 | 000,098,465 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338562424.bdinstall.bin
[2012/06/01 06:31:24 | 000,366,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338559386.bdinstall.bin
[2012/05/04 19:23:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\$_hpcst$.hpc
[2012/05/03 11:23:28 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/04/27 08:47:54 | 000,000,377 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/04/20 07:51:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 17:17:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2012/03/23 16:42:12 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/12 10:49:48 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/29 19:53:44 | 000,444,564 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330569044.bdinstall.bin
[2012/02/29 17:35:50 | 000,139,870 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1330559400.bdinstall.bin
[2012/02/22 08:15:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/17 07:14:06 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.properties
[2012/02/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.keywords.user.abbreviations.properties
[2012/02/14 12:52:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\Gary\au3UserAbbrev.properties
[2012/02/14 10:28:51 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 18:33:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/27 19:02:35 | 000,171,164 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327718518.bdinstall.bin
[2012/01/27 16:23:43 | 000,302,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327708936.bdinstall.bin
[2012/01/27 09:20:01 | 000,617,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327682970.bdinstall.bin
[2012/01/26 20:19:03 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Sys2662.Config.Repository.bin
[2011/10/26 09:45:27 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/03 08:15:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2011/09/21 10:04:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2011/09/18 22:09:23 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\profile.wkp
[2011/09/06 21:04:43 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\archCalc.Prefs
[2011/08/12 11:55:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/08/12 11:55:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/08/12 11:55:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/07/13 06:16:56 | 000,141,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\CprDrvr.sys
[2011/07/13 06:15:14 | 000,106,208 | ---- | C] () -- C:\WINDOWS\System32\CprIf.dll
[2011/05/31 08:14:36 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/31 08:14:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/31 06:21:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011/05/30 07:41:21 | 000,139,097 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/30 07:09:15 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/30 07:09:12 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/30 07:09:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/30 07:08:11 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/27 09:11:30 | 000,065,536 | ---- | C] () -- C:\Program Files\Logger Pro 3
[2010/03/27 07:22:54 | 000,014,905 | ---- | C] () -- C:\Documents and Settings\Gary\au3abbrev.properties
[2010/03/16 18:02:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\Ÿ9Ÿ9
[2010/01/02 13:16:12 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Gary\au3.UserUdfs.properties
[2010/01/02 13:15:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.user.calltips.api
[2009/12/30 21:31:24 | 000,000,174 | -H-- | C] () -- C:\Documents and Settings\Gary\Application Data\lakerda1967.sys
[2009/12/30 21:30:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\docXConverter (3).ini
[2009/11/02 16:10:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Principia Products.zip
[2009/02/13 11:36:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2008/12/14 18:10:13 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Gary\ntuser.pol
[2008/09/17 11:19:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:36:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gary\.rnd
[2008/01/30 14:34:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\PUTTY.RND
[2007/09/26 10:44:42 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.session
[2006/12/03 22:50:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.recent
[2006/12/03 22:50:40 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.ses
[2006/11/11 10:26:30 | 000,345,935 | ---- | C] () -- C:\Documents and Settings\Gary\jap.conf
[2006/11/01 19:18:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\winscp.RND
[2006/09/05 21:43:35 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Gary\.jm_prefs
[2005/11/06 20:54:40 | 000,125,226 | ---- | C] () -- C:\Documents and Settings\Gary\IPSendOptions.exe
[2005/06/23 17:15:00 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Gary\ipsend.sec

========== ZeroAccess Check ==========

[2008/07/04 15:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/02/03 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/01 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/10/29 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/08 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brooks Internet Software
[2011/12/27 15:23:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/25 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/07/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/08 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conexant
[2010/05/06 07:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/02/01 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gravic
[2008/12/14 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/07/11 00:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/02/07 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JudysApps
[2012/04/19 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/22 16:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/05/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/19 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2013/01/30 08:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/31 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/21 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/05/03 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/10/29 07:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/07/08 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2012/10/29 07:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microangelo On Display
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/27 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/01 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Principia Products
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2008/07/08 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2012/03/04 10:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/01/25 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/02/18 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/06 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2011/05/12 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/11/28 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/30 07:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/03/29 17:09:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2012/11/20 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X6
[2008/07/09 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.BitTornado
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.tswebeditor
[2012/04/19 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Adam Berent
[2009/02/26 11:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AI Internet Solutions
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Basta Computing
[2012/09/24 07:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Bitdefender
[2009/04/02 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BozTeck
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BPFTP
[2009/01/26 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Brooks Internet Software
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Colasoft Capsa
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Convivea
[2012/04/19 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2010/02/09 09:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Endicia
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FileMaker
[2009/08/29 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit
[2012/07/31 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit Software
[2012/12/05 09:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Fujitsu
[2010/05/05 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\G7PS
[2012/10/29 07:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GARMIN
[2012/09/30 08:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Geek Uninstaller
[2011/01/11 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/10/11 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gsmartcontrol
[2010/12/10 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gtk-2.0
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hyperionics
[2012/11/05 14:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ImgBurn
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Individual Software
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Interactive Studios
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2010/09/22 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2012/08/18 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\KC Softwares
[2012/04/20 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ldw_data
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/07/09 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\LEAPS
[2012/08/18 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leawo
[2008/07/19 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Locktime
[2012/04/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Millennia
[2012/12/13 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\mjusbsp
[2009/07/19 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/04/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NetView
[2012/10/29 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Newsbin
[2012/04/24 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ntr
[2012/11/01 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Nuance
[2013/01/25 22:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/05 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeRecovery
[2012/01/02 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OpenOffice.org
[2011/06/01 08:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PCDr
[2012/05/03 12:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasus Mail
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasys Inc
[2012/10/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PKWARE
[2011/12/02 09:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Qualys
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\r2 Studios
[2012/10/29 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Remind-Me
[2012/04/27 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2011/01/16 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Smart PDF Converter
[2012/10/26 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SmartDraw
[2013/01/30 08:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Software Informer
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spearit
[2008/07/09 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spell Catcher Plus
[2013/01/26 22:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2010/10/29 07:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SyncSquare
[2012/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SystemRequirementsLab
[2011/03/30 13:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TeamViewer
[2011/10/26 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Thinstall
[2012/08/18 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tiger-k
[2008/07/09 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Topaz Moment
[2012/10/29 07:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Trillian
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\URSoft
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VERITAS
[2010/06/08 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VSO
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\WildPackets
[2012/11/11 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Wireshark
[2012/11/12 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Zeon

========== Purity Check ==========



< End of report >

#15
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Virus Total results

RemindMe.exE
https://www.virustot...sis/1359567492/
RemindMe is a program that keeps a calendar of events

RemarkFTPUtility13.exe
https://www.virustot...sis/1359567930/
Remark is a program that scans and scores tests, mostly for schools. I use it to count ballots for elections.

Photo Album 6.7z
Photo Album is too large to be scanned. The file is an old backup I created of the folder Photo Album when I was having a problem with it.

smfaxmon.dll
https://www.virustot...sis/1359568723/
I have no idea what it does or if I need it.

is-PPJSS.exe
https://www.virustot...sis/1359569125/
This file is part of K-Lite Codec Pack 8.7.0 (Basic)

abbrev.properties
https://www.virustot...sis/1359569373/
This is the contents of the file:
import au3abbrev
import au3UserAbbrev

It's used with the AutoIt editor I use. Global abbreviations file for SciTE.

au3UserAbbrev.properties
https://www.virustot...sis/1359569758/
This is what is in the file:
# AutoIt3 User properties

It is also used with the SciTE editor I use for AutoIt

90C7D912BE2316.sys
https://www.virustot...sis/1359570008/
This is the contents of the file:
[2253]
2253=41128

I have no idea what it is or what it is used for. It looks very suspicious to me.

.deskmetrics
https://www.virustot...sis/1359570242/
This is the contents of the file:
eaec1390a11394a091907f215653b2ac

I have no idea what it is or what it is used for. It looks very suspicious to me. I think it should be deleted.

Logger Pro 3
https://www.virustot...sis/1359570531/

I have no idea what it is or what it is used for. It looks very suspicious to me. I think it should be deleted.

BitTornado
My company uses it to share Technical Bulletins. I have uninstalled it. I use it very rarely and don't need it right now.


The problem has not gone away. The next time it writes the files that Bitdefender catches I will save the log and post it here.

Thank you for helping me clean up this PC.

Docfxit