for rkinner



#1
noluv
Thanks in advance. I will post the logs you requested.

OTL logfile created on: 1/19/2013 10:12:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 71.22% Memory free
11.74 Gb Paging File | 9.95 Gb Available in Paging File | 84.78% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 34.81 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 14:58:25 | 000,348,160 | ---- | M] () -- C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe
PRC - [2013/01/19 09:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raw from Noluv\Downloads\OTL.exe
PRC - [2013/01/13 13:55:34 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/01/13 13:55:34 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/04 18:51:21 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/10 09:02:46 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/05 10:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/04/20 08:39:04 | 000,265,952 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/04 08:29:24 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/23 15:00:10 | 000,946,176 | ---- | M] () -- c:\Program Files (x86)\SoftQuick\sprotector.dll
MOD - [2013/01/23 15:00:10 | 000,946,176 | ---- | M] () -- c:\Program Files (x86)\ContinueToSave\sprotector.dll
MOD - [2013/01/13 13:55:34 | 001,101,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/01/13 13:55:34 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/01/04 18:51:21 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/09/11 19:32:55 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/01/13 13:55:34 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/04 18:51:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/05 10:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 08:39:04 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/13 13:55:34 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/25 21:23:14 | 000,438,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 08:38:28 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/02/28 08:38:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/20 10:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/20 22:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/06/20 22:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/06/20 22:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/20 22:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/05/12 05:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
IE - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.oovoostar...=201&country=US
IE - HKCU\..\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-04-24 12:39:01&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AA8D6475-50E6-0FAB-D17A-2CE8EC5002F9}: "URL" = http://www.startnow....ion=6.1-x64-SP1
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
IE - HKCU\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D2B1EE8F-3646-466A-8407-78DA4AAE7B32}: "URL" = http://www.google.co...1I7ADFA_enUS422
IE - HKCU\..\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.sof...k.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.sof...ft-quick.info/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.6
FF - prefs.js..extensions.enabledAddons: [email protected]:3.8.28
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.19.2
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
FF - prefs.js..keyword.URL: "http://websearch.sof...k.info/?l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Raw from Noluv\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/08/09 20:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/13 13:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 19:32:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/09 20:54:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]

[2011/08/29 17:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Extensions
[2013/01/14 01:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions
[2012/12/23 03:39:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/01/14 01:27:12 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/01/14 01:38:21 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/20 20:13:18 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2013/01/19 09:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/21 16:45:29 | 000,000,000 | ---D | M] ("Boounce") -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/04/30 10:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions
[2012/04/30 10:58:14 | 000,000,000 | ---D | M] (@@[email protected]@) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions\[email protected]
[2012/09/20 16:45:50 | 000,005,370 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/09/25 07:23:39 | 000,005,362 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/12/07 20:20:59 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/22 12:39:48 | 000,004,728 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/22 12:39:48 | 000,004,728 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions\[email protected]
[2013/01/14 01:37:56 | 000,000,553 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\searchplugins\WebSearch.xml
[2012/08/21 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/11 19:32:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/26 22:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/26 22:47:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/11 19:32:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/11 19:32:55 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/01/13 13:55:56 | 000,003,593 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/11 19:32:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/11 19:32:55 | 000,001,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/09/11 19:32:55 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/09/11 19:32:55 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/09/11 19:32:55 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/11 19:32:55 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - homepage: http://websearch.soft-quick.info/
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaiganokmhcbflohljmpfjojfonlkijk\1\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/26 15:03:38 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (continuetosave) - {46CA5227-907A-65FB-E166-A5A2890FAA30} - C:\ProgramData\continuetosave\5100f93defeb8.dll ()
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000003] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH3A.EXE /EPT "EPLTarget\P0000000000000003" /M "WP-4530 Series" File not found
O4 - HKCU..\Run: [EPSON Artisan 50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Users\RAWFRO~1\AppData\Local\Temp\E_S4D2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Artisan 50 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Users\RAWFRO~1\AppData\Local\Temp\E_S291.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Google Update] C:\Users\Raw from Noluv\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson printer Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: bdsripcab https://media.bdsrea...s/bdsripcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A522D6-3EB1-4214-92E4-66EC7F125DEE}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D235AA25-4B56-4A1B-A6B5-2B4EF4597E21}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\Program Files (x86)\ContinueToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\softqu~1\sprote~1.dll) - c:\Program Files (x86)\SoftQuick\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe /s
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com -- "%1" %*
O37:64bit: - HKLM\...exe -- "%1" %*
O37 - HKLM\...com -- "%1" %*
O37 - HKLM\...exe -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2013/01/15 08:27:56 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/01/15 08:25:58 | 000,245,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2013/01/15 08:25:56 | 000,422,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll
[2013/01/15 07:33:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013/01/15 07:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013/01/15 07:28:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2013/01/14 15:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/01/14 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/14 07:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/01/14 07:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/14 07:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/14 02:45:37 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/14 01:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftQuick
[2013/01/14 01:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BetterSoft
[2013/01/14 01:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave
[2013/01/14 01:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
[2013/01/14 01:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave
[2013/01/14 01:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/14 01:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/01/14 01:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013/01/14 00:49:38 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2013/01/13 23:54:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 18:05:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/13 18:05:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/01/13 18:05:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/01/13 18:05:29 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/01/13 18:05:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/01/13 18:05:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/01/13 18:05:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/01/13 18:05:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/01/13 18:05:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/01/13 18:05:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/01/13 18:05:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/01/13 18:05:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/01/13 18:05:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/01/13 18:05:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/01/13 18:05:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/01/13 18:05:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/01/13 18:05:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/01/13 18:05:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/01/13 18:05:27 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/01/13 18:05:27 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/01/13 18:05:26 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/01/13 18:05:25 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/01/13 18:02:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/01/13 18:02:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/01/13 18:02:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/01/13 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\ABBYY
[2013/01/13 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/01/13 14:19:10 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2013/01/13 14:19:10 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2013/01/13 14:19:10 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2013/01/13 14:19:10 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2013/01/13 14:19:10 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2013/01/13 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/01/13 14:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/01/13 14:10:38 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2013/01/13 14:10:38 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2013/01/13 14:10:37 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2013/01/13 14:10:37 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2013/01/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/01/13 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/01/13 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/01/13 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/01/13 14:04:50 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013/01/13 14:04:50 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2013/01/13 14:04:50 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2013/01/13 09:03:20 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2013/01/11 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Unizeal_Corp
[2013/01/11 21:16:56 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2013/01/11 21:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTCM Client
[2013/01/11 21:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2013/01/11 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/01/11 21:03:21 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2013/01/11 21:03:21 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2013/01/11 21:03:21 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2013/01/11 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\InstallShield
[2013/01/11 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/01/11 21:03:02 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMFFA.DLL
[2013/01/11 21:02:59 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBFFA.DLL
[2013/01/11 21:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/01/11 21:00:38 | 000,615,984 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8n.ocx
[2013/01/11 21:00:37 | 000,847,872 | ---- | C] (Arcadia Software Development) -- C:\Windows\SysWow64\PowerButton.ocx
[2013/01/11 21:00:37 | 000,497,488 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Publisher Pro
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Publisher Pro
[2013/01/11 20:57:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013/01/11 20:52:06 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2013/01/05 00:47:04 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\The Walking Dead Season 3 Complete(Ep 1-8) HDTV x264 [VectoR]
[2013/01/04 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Seven.Psychopaths.2012.DVDSCR.XviD-AbSurdiTy
[2013/01/04 20:19:05 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Django Unchained[2012]REPACK DVDScr XviD-ETRG
[2013/01/04 20:16:28 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Flight.2012.DVDSCR.x264.AAC-BiGKATS
[2013/01/04 20:16:24 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Lincoln.2012.DVDSCR.XViD.AC3-FooKaS
[2013/01/04 20:15:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Killing.Them.Softly.2012.DVDRip.XviD.AC3-nLiBRA
[2013/01/04 20:12:42 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Django Unchained 2012 DVDSCR X264 AAC-P2P
[2013/01/04 19:12:28 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/04 19:12:28 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/04 19:12:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/04 19:12:01 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/04 19:11:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/04 19:11:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/04 19:11:36 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/04 19:11:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/04 19:11:36 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/04 19:11:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/04 19:11:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/04 19:11:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/04 19:11:36 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/04 19:11:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/04 19:11:36 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/04 19:11:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/04 19:11:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/04 19:11:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/04 19:11:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/04 19:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/04 19:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/04 19:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/04 19:11:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/04 19:11:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/04 19:11:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/04 19:11:35 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/04 19:11:35 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/04 19:11:35 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/04 19:11:34 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/04 19:11:34 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/04 19:11:34 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/04 19:11:34 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/04 19:11:34 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/04 19:11:34 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/04 19:11:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/04 19:11:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/04 19:11:07 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/04 19:11:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/04 19:11:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/04 19:11:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/04 19:11:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/04 19:11:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/04 19:11:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/04 19:11:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/04 19:11:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/04 19:11:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/04 19:11:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/04 19:11:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/04 19:11:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/04 19:11:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/04 19:11:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/04 19:11:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/04 19:11:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/04 19:11:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/04 19:11:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/04 19:11:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/04 19:11:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/04 19:11:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/04 19:11:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/04 19:11:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/04 19:10:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012/12/27 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Kidz Bop Kids
[2012/12/27 09:26:39 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Kidz Bop Kids 17
[2012/12/27 09:26:36 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Kidz Bop Kids- 15 (2009)
[2012/12/27 09:25:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Victorious
[2012/12/24 04:02:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/24 04:02:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/24 04:02:35 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/24 04:02:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/22 08:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/12/22 08:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/11/14 18:15:46 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Raw from Noluv\taskmgr.exe

========== Files - Modified Within 30 Days ==========

[2013/01/19 09:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/19 09:40:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job
[2013/01/19 09:39:54 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job
[2013/01/19 09:34:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/19 09:33:09 | 000,924,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/19 09:33:09 | 000,212,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/19 09:33:09 | 000,005,800 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/19 09:30:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job
[2013/01/19 09:29:37 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job
[2013/01/19 09:29:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/18 06:16:43 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 06:16:43 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 06:10:53 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/18 06:10:53 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/18 06:10:47 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013/01/18 06:10:43 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\schedule!1143840799.job
[2013/01/18 06:10:00 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 02:17:54 | 000,230,665 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/15 08:52:29 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaw from Noluv.job
[2013/01/15 07:33:13 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 08:37:39 | 005,057,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/14 02:47:44 | 000,000,106 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/01/14 02:43:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/14 02:41:23 | 000,120,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:17:28 | 000,001,102 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 20:16:43 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 20:10:37 | 000,026,674 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2013/01/13 20:10:22 | 000,001,955 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2013/01/13 18:39:34 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/13 18:12:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/13 14:51:45 | 000,001,210 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/01/13 14:42:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:03:20 | 000,083,968 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/13 13:55:34 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/11 22:08:11 | 000,002,374 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 22:07:30 | 000,229,714 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:17:15 | 000,000,848 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson printer Registration.lnk
[2013/01/11 21:16:46 | 000,000,044 | ---- | M] () -- C:\Windows\EPART50.ini
[2013/01/11 21:13:54 | 000,000,185 | ---- | M] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:13 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:00:10 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:56 | 000,007,962 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/11 20:58:52 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:14 | 000,792,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/05 14:34:40 | 1396,346,733 | ---- | M] () -- C:\Users\Raw from Noluv\Adobe Photoshop CS6 Extended.exe
[2013/01/04 18:51:21 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/04 18:51:21 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/27 09:45:36 | 1964,290,048 | ---- | M] () -- C:\Users\Raw from Noluv\650 WWE THEME SONGS.iso

========== Files Created - No Company Name ==========

[2013/01/15 07:33:13 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 01:37:44 | 000,000,446 | -H-- | C] () -- C:\Windows\tasks\schedule!1143840799.job
[2013/01/14 01:17:28 | 000,001,102 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 18:12:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/13 18:11:53 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/13 16:35:55 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 14:51:45 | 000,001,210 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/01/13 14:42:20 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:04:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/13 13:58:04 | 000,000,106 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/01/13 13:56:13 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/11 22:07:44 | 000,230,665 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/11 22:07:30 | 000,229,714 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:35:00 | 000,002,374 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 21:17:15 | 000,000,848 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson printer Registration.lnk
[2013/01/11 21:13:54 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:36 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2013/01/11 21:13:13 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:03:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/01/11 21:03:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/01/11 21:03:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/01/11 21:03:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/01/11 21:03:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/01/11 21:03:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/01/11 21:03:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/01/11 21:03:21 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013/01/11 21:03:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013/01/11 21:03:21 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013/01/11 21:03:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/11 21:03:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/11 21:03:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/11 21:03:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/01/11 21:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\EPART50.ini
[2013/01/11 21:00:10 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:52 | 000,007,962 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/11 20:52:06 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2013/01/05 14:04:06 | 1396,346,733 | ---- | C] () -- C:\Users\Raw from Noluv\Adobe Photoshop CS6 Extended.exe
[2012/12/27 09:10:57 | 1964,290,048 | ---- | C] () -- C:\Users\Raw from Noluv\650 WWE THEME SONGS.iso
[2012/10/06 09:59:31 | 000,011,230 | ---- | C] () -- C:\Users\Raw from Noluv\NFO.NFO
[2012/05/09 19:19:35 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/05/03 07:48:30 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/05/03 07:48:30 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/04/28 18:48:11 | 000,000,184 | ---- | C] () -- C:\ProgramData\-9pSYAHmNEx0jLqr
[2012/04/28 18:48:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\-9pSYAHmNEx0jLq
[2012/04/28 18:48:07 | 000,000,256 | ---- | C] () -- C:\ProgramData\9pSYAHmNEx0jLq
[2012/04/25 12:21:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/25 12:21:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/24 13:27:34 | 000,000,176 | ---- | C] () -- C:\ProgramData\-atqxvWPC3jw4xlr
[2012/04/24 13:27:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\-atqxvWPC3jw4xl
[2012/04/24 13:27:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\atqxvWPC3jw4xl
[2012/04/24 08:06:17 | 000,026,674 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2012/04/22 16:29:42 | 000,000,184 | ---- | C] () -- C:\ProgramData\-rdw4GDn50Ccmrhr
[2012/04/22 16:29:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\-rdw4GDn50Ccmrh
[2012/04/22 16:29:33 | 000,000,256 | ---- | C] () -- C:\ProgramData\rdw4GDn50Ccmrh
[2012/04/22 10:18:15 | 000,026,197 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp38.html
[2012/04/22 10:14:48 | 000,001,955 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2012/04/20 18:02:25 | 000,000,184 | ---- | C] () -- C:\ProgramData\-RhbgLUQMpZunh7r
[2012/04/20 18:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\-RhbgLUQMpZunh7
[2012/04/20 18:01:57 | 000,000,256 | ---- | C] () -- C:\ProgramData\RhbgLUQMpZunh7
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/09 16:35:17 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/08 23:31:25 | 000,010,176 | -HS- | C] () -- C:\Users\Raw from Noluv\AppData\Local\ht4164hs5gks51q28e755xw6o2i4paseq081ucrj1d22of
[2012/01/08 23:31:25 | 000,010,176 | -HS- | C] () -- C:\ProgramData\ht4164hs5gks51q28e755xw6o2i4paseq081ucrj1d22of
[2011/12/25 20:30:57 | 000,709,968 | ---- | C] () -- C:\Windows\is-FR598.exe
[2011/11/14 18:15:46 | 000,005,632 | -HS- | C] () -- C:\Users\Raw from Noluv\wevtapi.dll
[2011/10/13 20:30:01 | 000,200,517 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:30:01 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/10/13 19:22:40 | 000,200,305 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 19:22:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/05/16 17:08:01 | 000,001,854 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\GhostObjGAFix.xml
[2011/04/29 23:21:48 | 000,005,120 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:12:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/27 21:07:42 | 000,000,082 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[2011/01/14 18:21:54 | 000,001,024 | ---- | C] () -- C:\Users\Raw from Noluv\.rnd

========== ZeroAccess Check ==========

[2012/08/09 17:28:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: USBHUB.SYS >
[2011/03/24 22:29:26 | 000,343,040 | -H-- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\SysNative\drivers\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | -H-- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\system64\drivers\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\system64\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\system64\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_28d4bd852548d3f5\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbhub.sys
[2011/03/24 22:24:56 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=8B892002D7B79312821169A14317AB86 -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_294f893c3e722a54\usbhub.sys
[2011/03/24 22:24:56 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=8B892002D7B79312821169A14317AB86 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\system64\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\system64\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_291e6c652511ddb0\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbhub.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 967 bytes -> C:\ProgramData\Microsoft:hcfqGO7nVrnVSu187SwX2a8
@Alternate Data Stream - 917 bytes -> C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D:H7Cyqplf3icAKo7cs
@Alternate Data Stream - 887 bytes -> C:\ProgramData\Microsoft:flLLyhoItKfP7Uz2dKIZU10t
@Alternate Data Stream - 1022 bytes -> C:\Program Files\Common Files\Microsoft Shared:HkMU3n23M8jYFU9moM6Kgc5nB
@Alternate Data Stream - 1010 bytes -> C:\Program Files\Common Files\System:6u218lLYV3H5GQlyWixKZbXLLh

< End of report >




Here's the other log



OTL Extras logfile created on: 1/19/2013 10:12:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 71.22% Memory free
11.74 Gb Paging File | 9.95 Gb Available in Paging File | 84.78% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 34.81 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat -- "%1" %*
.chm -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd -- "%1" %*
.com -- "%1" %*
.cpl -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe -- "%1" %*
.hlp -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif -- "%1" %*
.reg -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr -- "%1" /S
.txt -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\SysWow64\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\SysWow64\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Windows\system32\svchost.exe" = C:\Windows\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Windows\system32\svchost.exe" = C:\Windows\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17884248-F9A0-441F-9311-51E336E753DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{358ECCCC-A18B-438E-BC0C-EE40E9E9FD3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F5FEE9C-EDD4-4454-98F5-F1BEA59AB61E}" = lport=138 | protocol=17 | dir=in | app=system |
"{468E925D-A0AC-4FC0-AC7E-8221E3EA7AF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{5AFB5BCE-F0D9-4031-8C80-D4AEFA79C4D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F0E9512-D2CE-433F-92B7-2928A825199F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D79BB43-68A4-47BD-8A6F-1F49F7A7D8DE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7F6ED1BA-DF1A-4407-B313-DFFC0EE0008A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{87EB6CD1-BC2B-44F6-A16C-D897C87B04C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D9402C5-ADF3-46BF-8575-325145B2DDAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{924E0254-AFF1-4E09-B14A-756BEEE256A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A50F8892-444F-4D5D-A41F-2D23B89AF4B0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A72FCD18-45D9-4E7D-BB17-EEBB0E1249DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A7C605FA-026A-42FD-8115-EF9040A3F428}" = rport=445 | protocol=6 | dir=out | app=system |
"{AED7E11D-8520-48B3-971F-29D31B888AC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B18C0A5D-E37D-4451-BCEB-FB494B945791}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B194FE32-24CF-4471-9F35-DAF70CF8F8C4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C56B3FC4-9D92-41B9-908B-EA84B17FD33C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CACE2A3F-94D0-4A90-9C85-DE45A5BB75A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0C3D301-A5E5-436D-8506-324D89535986}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D19B609A-6CA9-4B30-8524-5C0DD78C554B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D85D392A-99A5-4190-A9C3-5EEDAC2A7C32}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E35E8A07-44EA-4D7D-8C9A-279F4898AB1F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E45458F3-38CC-4E0C-ACA6-6B7C40B57351}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EFD7D516-F4E3-475A-AB01-54ED54C7F66E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F36F3B33-F00F-41C4-BC4F-F1E6A92761F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8C26164-0524-4171-B2BD-ED264DF98969}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A0B9B6-37AC-44AC-B2CA-63B746BEB4B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0426BA6A-B061-40B1-8696-9CB5B4CCD467}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{0AF075FD-2B51-4FEC-80C5-7E9922103DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1744A51D-6318-45AA-95E0-E2FE7CB7237C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{1744C9FA-A5B8-4EE8-997E-C82BE150FEEF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{21AA5D2B-EF96-4505-A561-FC4FCBEB14DE}" = protocol=58 | dir=out | [email protected],-28546 |
"{21C7A9B5-5F21-423B-BCE1-465BB151783F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{22B433A9-EEB5-4DC7-8C23-127B3B718C05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{252B39E8-6925-43DC-8227-6A3A57ED8223}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{27FC23F0-59F9-437C-B4F9-A725F98DE44C}" = protocol=58 | dir=in | [email protected],-148 |
"{28945957-ADF8-4160-8BE4-622666F0A35F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{2AEE7F58-6786-40E9-BB0D-BADB10573BC2}" = protocol=1 | dir=out | [email protected],-28544 |
"{2F63BCA1-77E1-43CB-AF2E-11AD19ACCC4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FD18DD4-08D1-44F4-90D1-0C71DB9B0B85}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3AC4DFC9-4285-440F-BA85-CC43FCFF9759}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{44A16188-B662-40F5-9AD5-92514CC1279C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47386422-61AC-4347-A69D-2443C7C5F2A7}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{4D478F47-7B54-45F3-A1AF-F7DD469A4AF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{50AF1995-511D-4B58-A90E-A05F70B63AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{58DC8AFD-57A9-4D8F-AB2B-6359ACE73593}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5CE69A5B-A0A6-48E7-B111-32DC87C3D686}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D5FB36D-AA60-4C8D-B0A4-18B76C47B00A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{6E2A430E-41B8-4970-9896-E5137A06EF68}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7857951A-A28A-4F2D-AADC-0AAEC0BA335A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{78BF4A59-6688-4C31-88D2-E71202D9F7F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{7EEBAF2B-A881-4EDC-806D-E64DF23F6ADC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{7F72FBC8-5C28-4357-8A80-546D5E560D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7FA49A01-956C-485D-B541-770F67A65ADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81A08614-943B-4D64-BEF5-88FE579D0126}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{87801043-A665-4077-BC4C-A722621F4589}" = dir=in | app=c:\users\raw from noluv\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8DA04844-D168-42A0-AB78-5DA4EDE9A84A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{9026E000-566C-4DFE-B43E-EBB014AF730D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{94091789-1212-43F2-8F90-6351D7CB7D53}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{9C195E25-2F01-4283-BF4F-A5BBC7712E18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FBA261C-245F-46C8-82F0-464FE6919941}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A2C68EC7-5A3F-47CD-BDA0-A8644C85D914}" = protocol=1 | dir=in | [email protected],-28543 |
"{A305632E-BE9D-4429-AFAA-C88B26D58951}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{AA79FED2-E795-48F3-9CE8-E41E7BE4FD72}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF4191D3-44C2-4FA7-9F96-C6C9A9A10A66}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{B6E1D671-E7B3-45C7-8A79-6D542A98166B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B755A04D-825C-4CFE-84EC-E0E8711042F9}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{BB25593E-4548-4DA6-B77C-B63D1C2C80C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{BBF69A78-A604-4136-9696-F742B7AE4778}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFB31FE3-6E18-47AC-98A6-3600537B3FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{CB8AEB65-965C-400F-BC03-79CC860C101A}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{CE66726E-A628-4351-A979-3290573B204A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{CF014D1F-D054-430B-AB40-4AD308487A4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D0238489-03E0-489F-AF3B-4B368DEB9A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{DA408509-87C4-4B35-83A0-8D596B80C5E9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DDCA507D-B9C8-4428-B06B-CB654F55FA69}" = protocol=58 | dir=in | [email protected],-28545 |
"{DE2D20DC-0C35-4ECF-9242-6BED5277656D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{E7944C9B-BFA8-4AC0-8273-4D05163F97A2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{EAEAB54C-5978-445D-9CA4-F209731623F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EB0A0066-CDD8-4C69-B15D-EB58DFF3DCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{EFE391F6-ED28-445B-A0AD-9189A6B6354A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{F86FC563-680E-4571-8FF4-08B834A3D44E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FB7E4F57-0B36-4F1A-9C35-5A56B6152606}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{225DE5BF-DDDC-4EA2-9019-F6C8D591DDAA}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{24C443B1-240E-4105-828B-76F2DD0B439A}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"TCP Query User{3D77A33F-2F7F-49BE-869C-72F9F0EF0DA8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3D7D3074-E112-4008-A427-5CA794F483CF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{44506D77-46CB-41BF-B104-6DFA4CAFBFB1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{4F05FD6C-470E-4449-9636-1D990B1024BC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{503B3223-5D68-4B3B-81DD-B55B3F6A45C5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{50FFB52D-9750-4954-9874-D3FB22805053}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{8BD3D22F-FE78-4C6E-A5E1-48E96BA17463}C:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe |
"TCP Query User{A58AF966-99F3-4135-8A5B-A36F1876452B}C:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe |
"TCP Query User{AA4210BC-3D01-481C-BDEF-77CF0E230F10}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{D3209E98-0FDA-4713-AF87-A00B05795D4C}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{DBE0A617-4D70-4C83-9F04-A05C1BE9F3E2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{EEE4D474-6714-475D-A072-D8125309FB2B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{1633D582-6CB0-42BB-B692-5D55520A6965}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{4BBDAD8D-DB92-48B1-BB4D-ADC273E2AA14}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{4DA86CE5-9352-44E5-A39B-B1FCF8284D79}C:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe |
"UDP Query User{605806B6-7C96-459E-A0C4-059DAA9C6F51}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6D948A03-2D0F-472E-8418-836E3BEEFEE1}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{770941D8-606C-44BE-BB7C-860216CEC32E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{95656DEB-E1A9-436F-BCB7-3B9BAB87C9CC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{963B5DD9-7191-4474-9005-A91144F9B21B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{A840DFCD-FE67-4137-98B6-C1208FB48B96}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B99CA8FB-C7FE-49A1-9A37-BC0AD58EAF5F}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"UDP Query User{BCE5B5DF-177E-40E0-BB51-9CD57A444E4C}C:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe |
"UDP Query User{C3A1F3E4-A837-4E07-BC84-97BE5ADF773F}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{DD1667B4-8E95-4474-AE3B-73613292587B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{E04E0D45-581C-4DE8-92CB-6EFBB8E34B1B}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F2B8F3E-70FA-AA71-4526-3BFDEDE502EF}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F69E48F2-94B0-4272-845C-5F21F2A9815F}" = HP Photosmart Printer Driver Software 13.0 Rel. 2
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ContinueToSave" = ContinueToSave
"EPSON Artisan 50 Series" = EPSON Artisan 50 Series Printer Uninstall
"EPSON WP-4530 Series" = EPSON WP-4530 Series Printer Uninstall
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WhoCrashed_is1" = WhoCrashed 4.01
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{154F0971-04E6-49DB-9E9D-EE0108EC213A}" = PS_SF_02_ProductContext
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{73CDA9BC-DE4D-4D01-A036-BB7B4BB4E9DF}" = Final Publisher Pro
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8232F780-08F1-4894-AA3E-76529901E391}" = PS_SF_02_Software
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = ooVoo toolbar, powered by Ask.com
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B38E9B55-7136-4E66-A084-320512FF3F6F}" = LTCM Client
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = continuetosave
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C64A995B-1A93-48CE-B93B-1EEDB096CBD7}" = PS_SF_02_Software_Min
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E797E7D2-D68C-4cb1-80D2-16049A8FBFB8}" = D5300_Help
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F306C5B6-70C5-4FDC-8C22-BEC5957579E4}" = D5300
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cinema Craft Encoder SP3" = Cinema Craft Encoder SP3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"oovootoolbar" = ooVoo Toolbar
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Raptr" = Raptr
"RealAlt_is1" = Real Alternative 1.9.0
"Search Toolbar" = Search Toolbar
"SP_a8235b05" = Search Assistant SoftQuick 1.74
"SP_e14dcdfa" = ContinueToSave 1.74
"StartNow Toolbar" = StartNow Toolbar
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"Video Convert Master_is1" = Video Convert Master 11.0.11.27
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6
"Xilisoft CD Ripper 6" = Xilisoft CD Ripper 6
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6
"Xilisoft DVD Ripper Platinum 6" = Xilisoft DVD Ripper Platinum 6
"Xilisoft Video Converter Standard 6" = Xilisoft Video Converter Standard 6
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2013 1:34:51 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/18/2013 1:34:51 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/18/2013 2:02:52 AM | Computer Name = MMG | Source = MsiInstaller | ID = 11704
Description = Product: LTCM Client -- Error 1704.An installation for HP Support
Assistant is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 1/18/2013 7:18:37 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/18/2013 7:18:37 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/18/2013 2:11:01 PM | Computer Name = MMG | Source = ContinueToSaveUpdater | ID = 0
Description =

Error - 1/19/2013 10:29:36 AM | Computer Name = MMG | Source = ContinueToSaveUpdater | ID = 0
Description =

Error - 1/19/2013 10:29:48 AM | Computer Name = MMG | Source = ContinueToSaveUpdater | ID = 0
Description =

Error - 1/19/2013 10:33:06 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/19/2013 10:33:06 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ Hewlett-Packard Events ]
Error - 4/30/2012 5:20:54 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 5/26/2012 9:31:56 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 5/26/2012 11:40:24 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 7/1/2012 3:53:09 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5882 Ram Utilization: 20 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 7/26/2012 9:27:58 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 10/26/2012 11:49:30 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 7:06:26 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 7:06:40 PM | Computer Name = MMG | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088HPSF.exe at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5882
Ram
Utilization: 30 TargetSite: Void loadXML()

Error - 11/20/2012 7:07:19 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 12/26/2012 5:49:58 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 4/30/2012 7:22:37 AM | Computer Name = MMG | Source = HP WA Application | ID = 0
Description =

Error - 5/3/2012 6:31:31 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC
server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()

Error - 5/7/2012 7:35:56 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2012 7:35:57 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2012 7:35:59 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/8/2012 5:30:46 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/8/2012 5:30:48 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/26/2012 4:01:51 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Threading.ThreadAbortException Thread was being aborted. at
System.Management.IEnumWbemClassObject.Next_(Int32 lTimeout, UInt32 uCount, IWbemClassObject_DoNotMarshal[]
apObjects, UInt32& puReturned) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/26/2012 4:01:52 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x80010108): The object
invoked has disconnected from its clients. (Exception from HRESULT: 0x80010108
(RPC_E_DISCONNECTED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()

Error - 12/1/2012 6:06:16 AM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 1/17/2013 10:50:59 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 1/17/2013 11:05:24 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 1/17/2013 11:07:47 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 1/18/2013 1:53:24 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 1/18/2013 1:55:49 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 1/18/2013 7:10:22 AM | Computer Name = MMG | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:24:10 AM on ?1/?18/?2013 was unexpected.

Error - 1/18/2013 7:11:28 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 1/18/2013 7:12:30 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 1/18/2013 7:12:32 AM | Computer Name = MMG | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80070420'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.

Error - 1/18/2013 2:10:47 PM | Computer Name = MMG | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >


The third log

OTL Extras logfile created on: 1/19/2013 9:42:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 71.25% Memory free
11.74 Gb Paging File | 9.77 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 34.34 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Windows\system32\svchost.exe" = C:\Windows\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Windows\system32\svchost.exe" = C:\Windows\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17884248-F9A0-441F-9311-51E336E753DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{358ECCCC-A18B-438E-BC0C-EE40E9E9FD3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F5FEE9C-EDD4-4454-98F5-F1BEA59AB61E}" = lport=138 | protocol=17 | dir=in | app=system |
"{468E925D-A0AC-4FC0-AC7E-8221E3EA7AF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{5AFB5BCE-F0D9-4031-8C80-D4AEFA79C4D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F0E9512-D2CE-433F-92B7-2928A825199F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D79BB43-68A4-47BD-8A6F-1F49F7A7D8DE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7F6ED1BA-DF1A-4407-B313-DFFC0EE0008A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{87EB6CD1-BC2B-44F6-A16C-D897C87B04C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D9402C5-ADF3-46BF-8575-325145B2DDAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{924E0254-AFF1-4E09-B14A-756BEEE256A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A50F8892-444F-4D5D-A41F-2D23B89AF4B0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A72FCD18-45D9-4E7D-BB17-EEBB0E1249DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A7C605FA-026A-42FD-8115-EF9040A3F428}" = rport=445 | protocol=6 | dir=out | app=system |
"{AED7E11D-8520-48B3-971F-29D31B888AC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B18C0A5D-E37D-4451-BCEB-FB494B945791}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B194FE32-24CF-4471-9F35-DAF70CF8F8C4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C56B3FC4-9D92-41B9-908B-EA84B17FD33C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CACE2A3F-94D0-4A90-9C85-DE45A5BB75A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0C3D301-A5E5-436D-8506-324D89535986}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D19B609A-6CA9-4B30-8524-5C0DD78C554B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D85D392A-99A5-4190-A9C3-5EEDAC2A7C32}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E35E8A07-44EA-4D7D-8C9A-279F4898AB1F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E45458F3-38CC-4E0C-ACA6-6B7C40B57351}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EFD7D516-F4E3-475A-AB01-54ED54C7F66E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F36F3B33-F00F-41C4-BC4F-F1E6A92761F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8C26164-0524-4171-B2BD-ED264DF98969}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A0B9B6-37AC-44AC-B2CA-63B746BEB4B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0426BA6A-B061-40B1-8696-9CB5B4CCD467}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{0AF075FD-2B51-4FEC-80C5-7E9922103DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1744A51D-6318-45AA-95E0-E2FE7CB7237C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{1744C9FA-A5B8-4EE8-997E-C82BE150FEEF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{21AA5D2B-EF96-4505-A561-FC4FCBEB14DE}" = protocol=58 | dir=out | [email protected],-28546 |
"{21C7A9B5-5F21-423B-BCE1-465BB151783F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{22B433A9-EEB5-4DC7-8C23-127B3B718C05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{252B39E8-6925-43DC-8227-6A3A57ED8223}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{27FC23F0-59F9-437C-B4F9-A725F98DE44C}" = protocol=58 | dir=in | [email protected],-148 |
"{28945957-ADF8-4160-8BE4-622666F0A35F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{2AEE7F58-6786-40E9-BB0D-BADB10573BC2}" = protocol=1 | dir=out | [email protected],-28544 |
"{2F63BCA1-77E1-43CB-AF2E-11AD19ACCC4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FD18DD4-08D1-44F4-90D1-0C71DB9B0B85}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3AC4DFC9-4285-440F-BA85-CC43FCFF9759}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{44A16188-B662-40F5-9AD5-92514CC1279C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47386422-61AC-4347-A69D-2443C7C5F2A7}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{4D478F47-7B54-45F3-A1AF-F7DD469A4AF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{50AF1995-511D-4B58-A90E-A05F70B63AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{58DC8AFD-57A9-4D8F-AB2B-6359ACE73593}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5CE69A5B-A0A6-48E7-B111-32DC87C3D686}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D5FB36D-AA60-4C8D-B0A4-18B76C47B00A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{6E2A430E-41B8-4970-9896-E5137A06EF68}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7857951A-A28A-4F2D-AADC-0AAEC0BA335A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{78BF4A59-6688-4C31-88D2-E71202D9F7F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{7EEBAF2B-A881-4EDC-806D-E64DF23F6ADC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{7F72FBC8-5C28-4357-8A80-546D5E560D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7FA49A01-956C-485D-B541-770F67A65ADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81A08614-943B-4D64-BEF5-88FE579D0126}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{87801043-A665-4077-BC4C-A722621F4589}" = dir=in | app=c:\users\raw from noluv\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8DA04844-D168-42A0-AB78-5DA4EDE9A84A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{9026E000-566C-4DFE-B43E-EBB014AF730D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{94091789-1212-43F2-8F90-6351D7CB7D53}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{9C195E25-2F01-4283-BF4F-A5BBC7712E18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FBA261C-245F-46C8-82F0-464FE6919941}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A2C68EC7-5A3F-47CD-BDA0-A8644C85D914}" = protocol=1 | dir=in | [email protected],-28543 |
"{A305632E-BE9D-4429-AFAA-C88B26D58951}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{AA79FED2-E795-48F3-9CE8-E41E7BE4FD72}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF4191D3-44C2-4FA7-9F96-C6C9A9A10A66}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{B6E1D671-E7B3-45C7-8A79-6D542A98166B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B755A04D-825C-4CFE-84EC-E0E8711042F9}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{BB25593E-4548-4DA6-B77C-B63D1C2C80C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{BBF69A78-A604-4136-9696-F742B7AE4778}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFB31FE3-6E18-47AC-98A6-3600537B3FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{CB8AEB65-965C-400F-BC03-79CC860C101A}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{CE66726E-A628-4351-A979-3290573B204A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{CF014D1F-D054-430B-AB40-4AD308487A4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D0238489-03E0-489F-AF3B-4B368DEB9A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{DA408509-87C4-4B35-83A0-8D596B80C5E9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DDCA507D-B9C8-4428-B06B-CB654F55FA69}" = protocol=58 | dir=in | [email protected],-28545 |
"{DE2D20DC-0C35-4ECF-9242-6BED5277656D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{E7944C9B-BFA8-4AC0-8273-4D05163F97A2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{EAEAB54C-5978-445D-9CA4-F209731623F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EB0A0066-CDD8-4C69-B15D-EB58DFF3DCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{EFE391F6-ED28-445B-A0AD-9189A6B6354A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{F86FC563-680E-4571-8FF4-08B834A3D44E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FB7E4F57-0B36-4F1A-9C35-5A56B6152606}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{225DE5BF-DDDC-4EA2-9019-F6C8D591DDAA}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{24C443B1-240E-4105-828B-76F2DD0B439A}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"TCP Query User{3D77A33F-2F7F-49BE-869C-72F9F0EF0DA8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3D7D3074-E112-4008-A427-5CA794F483CF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{44506D77-46CB-41BF-B104-6DFA4CAFBFB1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{4F05FD6C-470E-4449-9636-1D990B1024BC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{503B3223-5D68-4B3B-81DD-B55B3F6A45C5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{50FFB52D-9750-4954-9874-D3FB22805053}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{8BD3D22F-FE78-4C6E-A5E1-48E96BA17463}C:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe |
"TCP Query User{A58AF966-99F3-4135-8A5B-A36F1876452B}C:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe |
"TCP Query User{AA4210BC-3D01-481C-BDEF-77CF0E230F10}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{D3209E98-0FDA-4713-AF87-A00B05795D4C}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{DBE0A617-4D70-4C83-9F04-A05C1BE9F3E2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{EEE4D474-6714-475D-A072-D8125309FB2B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{1633D582-6CB0-42BB-B692-5D55520A6965}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{4BBDAD8D-DB92-48B1-BB4D-ADC273E2AA14}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{4DA86CE5-9352-44E5-A39B-B1FCF8284D79}C:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe |
"UDP Query User{605806B6-7C96-459E-A0C4-059DAA9C6F51}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6D948A03-2D0F-472E-8418-836E3BEEFEE1}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{770941D8-606C-44BE-BB7C-860216CEC32E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{95656DEB-E1A9-436F-BCB7-3B9BAB87C9CC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{963B5DD9-7191-4474-9005-A91144F9B21B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{A840DFCD-FE67-4137-98B6-C1208FB48B96}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B99CA8FB-C7FE-49A1-9A37-BC0AD58EAF5F}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"UDP Query User{BCE5B5DF-177E-40E0-BB51-9CD57A444E4C}C:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe |
"UDP Query User{C3A1F3E4-A837-4E07-BC84-97BE5ADF773F}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{DD1667B4-8E95-4474-AE3B-73613292587B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{E04E0D45-581C-4DE8-92CB-6EFBB8E34B1B}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F2B8F3E-70FA-AA71-4526-3BFDEDE502EF}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F69E48F2-94B0-4272-845C-5F21F2A9815F}" = HP Photosmart Printer Driver Software 13.0 Rel. 2
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ContinueToSave" = ContinueToSave
"EPSON Artisan 50 Series" = EPSON Artisan 50 Series Printer Uninstall
"EPSON WP-4530 Series" = EPSON WP-4530 Series Printer Uninstall
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WhoCrashed_is1" = WhoCrashed 4.01
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{154F0971-04E6-49DB-9E9D-EE0108EC213A}" = PS_SF_02_ProductContext
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{73CDA9BC-DE4D-4D01-A036-BB7B4BB4E9DF}" = Final Publisher Pro
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8232F780-08F1-4894-AA3E-76529901E391}" = PS_SF_02_Software
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = ooVoo toolbar, powered by Ask.com
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B38E9B55-7136-4E66-A084-320512FF3F6F}" = LTCM Client
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = continuetosave
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C64A995B-1A93-48CE-B93B-1EEDB096CBD7}" = PS_SF_02_Software_Min
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E797E7D2-D68C-4cb1-80D2-16049A8FBFB8}" = D5300_Help
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F306C5B6-70C5-4FDC-8C22-BEC5957579E4}" = D5300
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cinema Craft Encoder SP3" = Cinema Craft Encoder SP3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"oovootoolbar" = ooVoo Toolbar
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Raptr" = Raptr
"RealAlt_is1" = Real Alternative 1.9.0
"Search Toolbar" = Search Toolbar
"SP_a8235b05" = Search Assistant SoftQuick 1.74
"SP_e14dcdfa" = ContinueToSave 1.74
"StartNow Toolbar" = StartNow Toolbar
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"Video Convert Master_is1" = Video Convert Master 11.0.11.27
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6
"Xilisoft CD Ripper 6" = Xilisoft CD Ripper 6
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6
"Xilisoft DVD Ripper Platinum 6" = Xilisoft DVD Ripper Platinum 6
"Xilisoft Video Converter Standard 6" = Xilisoft Video Converter Standard 6
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ooVoo toolbar, powered by Ask.com Updater
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2013 1:34:51 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/18/2013 1:34:51 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/18/2013 2:02:52 AM | Computer Name = MMG | Source = MsiInstaller | ID = 11704
Description = Product: LTCM Client -- Error 1704.An installation for HP Support
Assistant is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 1/18/2013 7:18:37 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/18/2013 7:18:37 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/18/2013 2:11:01 PM | Computer Name = MMG | Source = ContinueToSaveUpdater | ID = 0
Description =

Error - 1/19/2013 10:29:36 AM | Computer Name = MMG | Source = ContinueToSaveUpdater | ID = 0
Description =

Error - 1/19/2013 10:29:48 AM | Computer Name = MMG | Source = ContinueToSaveUpdater | ID = 0
Description =

Error - 1/19/2013 10:33:06 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/19/2013 10:33:06 AM | Computer Name = MMG | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ Hewlett-Packard Events ]
Error - 4/30/2012 5:20:54 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 5/26/2012 9:31:56 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 5/26/2012 11:40:24 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 7/1/2012 3:53:09 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5882 Ram Utilization: 20 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 7/26/2012 9:27:58 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 10/26/2012 11:49:30 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 7:06:26 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 7:06:40 PM | Computer Name = MMG | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088HPSF.exe at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5882
Ram
Utilization: 30 TargetSite: Void loadXML()

Error - 11/20/2012 7:07:19 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 12/26/2012 5:49:58 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 4/30/2012 7:22:37 AM | Computer Name = MMG | Source = HP WA Application | ID = 0
Description =

Error - 5/3/2012 6:31:31 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC
server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()

Error - 5/7/2012 7:35:56 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2012 7:35:57 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2012 7:35:59 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/8/2012 5:30:46 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/8/2012 5:30:48 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/26/2012 4:01:51 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Threading.ThreadAbortException Thread was being aborted. at
System.Management.IEnumWbemClassObject.Next_(Int32 lTimeout, UInt32 uCount, IWbemClassObject_DoNotMarshal[]
apObjects, UInt32& puReturned) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/26/2012 4:01:52 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x80010108): The object
invoked has disconnected from its clients. (Exception from HRESULT: 0x80010108
(RPC_E_DISCONNECTED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()

Error - 12/1/2012 6:06:16 AM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 1/17/2013 10:50:59 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 1/17/2013 11:05:24 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 1/17/2013 11:07:47 PM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 1/18/2013 1:53:24 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 1/18/2013 1:55:49 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

Error - 1/18/2013 7:10:22 AM | Computer Name = MMG | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:24:10 AM on ?1/?18/?2013 was unexpected.

Error - 1/18/2013 7:11:28 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 1/18/2013 7:12:30 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 1/18/2013 7:12:32 AM | Computer Name = MMG | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80070420'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.

Error - 1/18/2013 2:10:47 PM | Computer Name = MMG | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >
======================================================================


#2
RKinner

    Malware Expert

Got it. Will get back to you in a little while.

Ron

#3
RKinner

    Malware Expert

You will probably find it easier to post each log as you get it. If something doesn't work, skip to the next step.

Uninstall:
Java™ 6 Update 20 (64-bit)
ContinueToSave
ooVoo toolbar, powered by Ask.com
ooVoo Toolbar
Search Toolbar
Search Assistant SoftQuick 1.74
ContinueToSave 1.74
StartNow Toolbar
Uniblue RegistryBooster
ooVoo toolbar, powered by Ask.com Updater

Copy the text in the code box by highlighting it (click once at the start, then scroll to the end of the code box, hold down the Shift key and click again) and pressing Ctrl + C.

:processes
killallprocesses 

:OTL
IE:64bit: - HKLM\..\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
IE - HKLM\..\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.oovoostar...=201&country=US
IE - HKCU\..\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{AA8D6475-50E6-0FAB-D17A-2CE8EC5002F9}: "URL" = http://www.startnow....ion=6.1-x64-SP1
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
IE - HKCU\..\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}: "URL" = http://search.yahoo....psg&type=HPNTDF
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.soft-quick.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.soft-quick.info/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.6
FF - prefs.js..extensions.enabledAddons: [email protected]:3.8.28
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..keyword.URL: "http://websearch.soft-quick.info/?l=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Raw from Noluv\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/08/09 20:54:05 | 000,000,000 | ---D | M]
[2012/12/23 03:39:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/01/14 01:27:12 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/01/14 01:38:21 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/20 20:13:18 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2013/01/19 09:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/21 16:45:29 | 000,000,000 | ---D | M] ("Boounce") -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/30 10:58:14 | 000,000,000 | ---D | M] (@@[email protected]@) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions\[email protected]
[2012/09/20 16:45:50 | 000,005,370 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/09/25 07:23:39 | 000,005,362 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/12/07 20:20:59 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/22 12:39:48 | 000,004,728 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]
[2012/03/22 12:39:48 | 000,004,728 | ---- | M] () (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions\[email protected]
[2013/01/14 01:37:56 | 000,000,553 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\searchplugins\WebSearch.xml
O2 - BHO: (continuetosave) - {46CA5227-907A-65FB-E166-A5A2890FAA30} - C:\ProgramData\continuetosave\5100f93defeb8.dll ()
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000003] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIH3A.EXE /EPT "EPLTarget\P0000000000000003" /M "WP-4530 Series" File not found
O4 - HKCU..\Run: [EPSON Artisan 50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Users\RAWFRO~1\AppData\Local\Temp\E_S4D2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Artisan 50 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Users\RAWFRO~1\AppData\Local\Temp\E_S291.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Google Update] C:\Users\Raw from Noluv\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson printer Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: bdsripcab https://media.bdsrea...s/bdsripcab.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\Program Files (x86)\ContinueToSave\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\softqu~1\sprote~1.dll) - c:\Program Files (x86)\SoftQuick\sprotector.dll ()
O33 - MountPoints2\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe /s
[2013/01/14 01:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftQuick
[2013/01/14 01:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BetterSoft
[2013/01/14 01:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave
[2013/01/14 01:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
[2013/01/14 01:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave
[2013/01/14 01:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/19 09:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/19 09:40:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job
[2013/01/19 09:39:54 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job
[2013/01/19 09:34:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/19 09:30:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job
[2013/01/19 09:29:37 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job
[2013/01/18 06:10:53 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/18 06:10:53 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/18 06:10:47 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013/01/18 06:10:43 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\schedule!1143840799.job
[2013/01/13 13:55:34 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/04/28 18:48:11 | 000,000,184 | ---- | C] () -- C:\ProgramData\-9pSYAHmNEx0jLqr
[2012/04/28 18:48:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\-9pSYAHmNEx0jLq
[2012/04/28 18:48:07 | 000,000,256 | ---- | C] () -- C:\ProgramData\9pSYAHmNEx0jLq
[2012/04/24 13:27:34 | 000,000,176 | ---- | C] () -- C:\ProgramData\-atqxvWPC3jw4xlr
[2012/04/24 13:27:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\-atqxvWPC3jw4xl
[2012/04/24 13:27:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\atqxvWPC3jw4xl
[2012/04/22 16:29:42 | 000,000,184 | ---- | C] () -- C:\ProgramData\-rdw4GDn50Ccmrhr
[2012/04/22 16:29:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\-rdw4GDn50Ccmrh
[2012/04/22 16:29:33 | 000,000,256 | ---- | C] () -- C:\ProgramData\rdw4GDn50Ccmrh
[2012/04/20 18:02:25 | 000,000,184 | ---- | C] () -- C:\ProgramData\-RhbgLUQMpZunh7r
[2012/04/20 18:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\-RhbgLUQMpZunh7
[2012/04/20 18:01:57 | 000,000,256 | ---- | C] () -- C:\ProgramData\RhbgLUQMpZunh7
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 23:31:25 | 000,010,176 | -HS- | C] () -- C:\Users\Raw from Noluv\AppData\Local\ht4164hs5gks51q28e755xw6o2i4paseq081ucrj1d22of
[2012/01/08 23:31:25 | 000,010,176 | -HS- | C] () -- C:\ProgramData\ht4164hs5gks51q28e755xw6o2i4paseq081ucrj1d22of
@Alternate Data Stream - 967 bytes -> C:\ProgramData\Microsoft:hcfqGO7nVrnVSu187SwX2a8
@Alternate Data Stream - 917 bytes -> C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D:H7Cyqplf3icAKo7cs
@Alternate Data Stream - 887 bytes -> C:\ProgramData\Microsoft:flLLyhoItKfP7Uz2dKIZU10t
@Alternate Data Stream - 1022 bytes -> C:\Program Files\Common Files\Microsoft Shared:HkMU3n23M8jYFU9moM6Kgc5nB
@Alternate Data Stream - 1010 bytes -> C:\Program Files\Common Files\System:6u218lLYV3H5GQlyWixKZbXLLh


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
sc config avgtp start= disabled /c
sc delete avgtp /c
sc config "Updater Service for StartNow Toolbar" start= disabled /c
sc delete "Updater Service for StartNow Toolbar" /c
sc config avgtp start= disabled /c
sc delete avgtp /c
C:\Windows\SysNative\drivers\avgtpx64.sys 
C:\Program Files (x86)\StartNow Toolbar
c:\Program Files (x86)\SoftQuick
c:\Program Files (x86)\ContinueToSave
C:\ProgramData\BetterSoft

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01302013-some number.log so look there if you don't see it.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start the scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click save log; save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply.


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
IEFRAME.DLL
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => right-click and Run as Admin.) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron

#4
noluv

    Member

  • Topic Starter
  • 123 posts
ok uninstalled everything except
oovoo powered by ask.com (wouldn't let me)
and search asst soft quick ... didn't show up on the uninstall list but it's there when I open my web browser

========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55374643-DF3E-499B-AC72-E64597EA5A58}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55374643-DF3E-499B-AC72-E64597EA5A58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ deleted successfully.
C:\Windows\SysWOW64\ieframe.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55374643-DF3E-499B-AC72-E64597EA5A58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55374643-DF3E-499B-AC72-E64597EA5A58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA8D6475-50E6-0FAB-D17A-2CE8EC5002F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA8D6475-50E6-0FAB-D17A-2CE8EC5002F9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE030976-CCC9-47D5-BD8E-B74EF1D4827A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
C:\Users\Raw from Noluv\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}\ not found.
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\content folder moved successfully.
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components folder moved successfully.
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-speedfox-tests folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-speedfox-lib folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-speedfox-data folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib\windows folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib\utils folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\jid1-u[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib\traits folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib\tabs folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib\events folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib\dom folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib\content folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-lib folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-api-utils-data folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-addon-kit-lib folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources\jid1-uabu5a9hduqzcw-at-jetpack-addon-kit-data folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\resources folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] folder moved successfully.
Folder C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\ not found.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\modules folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\includes folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\icons folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Folder C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions\[email protected]\ not found.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions\[email protected] moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\searchplugins\WebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46CA5227-907A-65FB-E166-A5A2890FAA30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46CA5227-907A-65FB-E166-A5A2890FAA30}\ not found.
C:\ProgramData\continuetosave\5100f93defeb8.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c6f12b-f004-43e5-9997-08f2123119b6}\ deleted successfully.
File C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\ deleted successfully.
C:\Program Files (x86)\Windows Live\Companion\companioncore.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{59c6f12b-f004-43e5-9997-08f2123119b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c6f12b-f004-43e5-9997-08f2123119b6}\ not found.
File C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000003 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Artisan 50 Series deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Artisan 50 Series (Copy 1) deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
C:\Users\Raw from Noluv\AppData\Local\Google\Update\GoogleUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Program Files (x86)\uTorrent\uTorrent.exe moved successfully.
C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson printer Registration.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control bdsripcab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\bdsripcab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\bdsripcab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\bdsripcab\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\contin~1\sprote~1.dll deleted successfully.
File c:\Program Files (x86)\ContinueToSave\sprotector.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\softqu~1\sprote~1.dll deleted successfully.
File c:\Program Files (x86)\SoftQuick\sprotector.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c8a1de1-9622-11e1-bb52-806e6f6e6963}\ not found.
File G:\AutoRun.exe /s not found.
Folder C:\Program Files (x86)\SoftQuick\ not found.
Folder C:\ProgramData\BetterSoft\ not found.
C:\Program Files (x86)\ContinueToSave folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave\ not found.
C:\ProgramData\continuetosave\data folder moved successfully.
C:\ProgramData\continuetosave folder moved successfully.
C:\ProgramData\InstallMate\{CEFD1FB9-D71A-4084-A26F-9F38151E3D4F} folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job moved successfully.
File C:\Windows\tasks\RegistryBooster.job not found.
File C:\Windows\tasks\schedule!1143840799.job not found.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
C:\ProgramData\-9pSYAHmNEx0jLqr moved successfully.
C:\ProgramData\-9pSYAHmNEx0jLq moved successfully.
C:\ProgramData\9pSYAHmNEx0jLq moved successfully.
C:\ProgramData\-atqxvWPC3jw4xlr moved successfully.
C:\ProgramData\-atqxvWPC3jw4xl moved successfully.
C:\ProgramData\atqxvWPC3jw4xl moved successfully.
C:\ProgramData\-rdw4GDn50Ccmrhr moved successfully.
C:\ProgramData\-rdw4GDn50Ccmrh moved successfully.
C:\ProgramData\rdw4GDn50Ccmrh moved successfully.
C:\ProgramData\-RhbgLUQMpZunh7r moved successfully.
C:\ProgramData\-RhbgLUQMpZunh7 moved successfully.
C:\ProgramData\RhbgLUQMpZunh7 moved successfully.
C:\Windows\SysWOW64\kdbsdk32.dll moved successfully.
C:\Users\Raw from Noluv\AppData\Local\ht4164hs5gks51q28e755xw6o2i4paseq081ucrj1d22of moved successfully.
C:\ProgramData\ht4164hs5gks51q28e755xw6o2i4paseq081ucrj1d22of moved successfully.
ADS C:\ProgramData\Microsoft:hcfqGO7nVrnVSu187SwX2a8 deleted successfully.
ADS C:\Users\Raw from Noluv\AppData\Local\w2SIeQcTKAhYe4D:H7Cyqplf3icAKo7cs deleted successfully.
ADS C:\ProgramData\Microsoft:flLLyhoItKfP7Uz2dKIZU10t deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:HkMU3n23M8jYFU9moM6Kgc5nB deleted successfully.
ADS C:\Program Files\Common Files\System:6u218lLYV3H5GQlyWixKZbXLLh deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< at /c >
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
File\Folder C:\Windows\assembly\GAC\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
< sc config avgtp start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< sc delete avgtp /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< sc config "Updater Service for StartNow Toolbar" start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< sc delete "Updater Service for StartNow Toolbar" /c >
[SC] DeleteService SUCCESS
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< sc config avgtp start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
< sc delete avgtp /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Raw from Noluv\Downloads\cmd.bat deleted successfully.
C:\Users\Raw from Noluv\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\SysNative\drivers\avgtpx64.sys not found.
C:\Program Files (x86)\StartNow Toolbar folder moved successfully.
File\Folder c:\Program Files (x86)\SoftQuick not found.
File\Folder c:\Program Files (x86)\ContinueToSave not found.
File\Folder C:\ProgramData\BetterSoft not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Raw from Noluv
->Flash cache emptied: 2058 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Raw from Noluv
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01212013_122359

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#5
noluv

# AdwCleaner v2.109 - Logfile created 01/21/2013 at 12:38:10
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Raw from Noluv - MMG
# Boot Mode : Normal
# Running from : C:\Users\Raw from Noluv\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\RAWFRO~1\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Users\Raw from Noluv\AppData\Local\Conduit
Folder Deleted : C:\Users\Raw from Noluv\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Raw from Noluv\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Raw from Noluv\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\prefs.js

C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.soft-quick.info/");
Deleted : user_pref("extensions.505b8f49f1b2f.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.5061a32a469f4.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"apps_promo_counter":11,"autofill":{"negative_upload_rate":1.0,"positive_upload_rate":1.0},"backup"[...]

*************************

AdwCleaner[S1].txt - [5874 octets] - [21/01/2013 12:38:10]

########## EOF - C:\AdwCleaner[S1].txt - [5934 octets] ##########

#6
noluv

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-21 12:49:26
-----------------------------
12:49:26.995 OS Version: Windows x64 6.1.7601 Service Pack 1
12:49:26.995 Number of processors: 2 586 0x603
12:49:27.011 ComputerName: MMG UserName:
12:49:32.206 Initialize success
12:50:45.916 AVAST engine defs: 13013100
12:51:23.122 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
12:51:23.122 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 11
12:51:23.154 Disk 0 MBR read successfully
12:51:23.169 Disk 0 MBR scan
12:51:23.200 Disk 0 unknown MBR code
12:51:23.216 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:51:23.341 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
12:51:23.450 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
12:51:23.575 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
12:51:24.292 Disk 0 scanning C:\Windows\system32\drivers
12:52:33.884 Service scanning
12:54:05.846 Modules scanning
12:54:07.640 AVAST engine scan C:\Windows
12:54:27.936 AVAST engine scan C:\Windows\system32
13:06:10.296 AVAST engine scan C:\Windows\system32\drivers
13:06:45.006 AVAST engine scan C:\Users\Raw from Noluv
13:13:46.052 Disk 0 MBR has been saved successfully to "C:\Users\Raw from Noluv\Downloads\MBR.dat"
13:13:46.067 The log file has been saved successfully to "C:\Users\Raw from Noluv\Downloads\aswMBR.txt"

#7
noluv

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-21 12:49:26
-----------------------------
12:49:26.995 OS Version: Windows x64 6.1.7601 Service Pack 1
12:49:26.995 Number of processors: 2 586 0x603
12:49:27.011 ComputerName: MMG UserName:
12:49:32.206 Initialize success
12:50:45.916 AVAST engine defs: 13013100
12:51:23.122 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
12:51:23.122 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 11
12:51:23.154 Disk 0 MBR read successfully
12:51:23.169 Disk 0 MBR scan
12:51:23.200 Disk 0 unknown MBR code
12:51:23.216 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:51:23.341 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
12:51:23.450 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
12:51:23.575 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
12:51:24.292 Disk 0 scanning C:\Windows\system32\drivers
12:52:33.884 Service scanning
12:54:05.846 Modules scanning
12:54:07.640 AVAST engine scan C:\Windows
12:54:27.936 AVAST engine scan C:\Windows\system32
13:06:10.296 AVAST engine scan C:\Windows\system32\drivers
13:06:45.006 AVAST engine scan C:\Users\Raw from Noluv
13:13:46.052 Disk 0 MBR has been saved successfully to "C:\Users\Raw from Noluv\Downloads\MBR.dat"
13:13:46.067 The log file has been saved successfully to "C:\Users\Raw from Noluv\Downloads\aswMBR.txt"
13:27:58.669 File: C:\Users\Raw from Noluv\Downloads\setup.exe **INFECTED** Win32:Adware-AJN [Adw]
13:36:03.236 AVAST engine scan C:\ProgramData
13:45:59.125 Scan finished successfully
13:47:51.976 Disk 0 MBR has been saved successfully to "C:\Users\Raw from Noluv\Downloads\MBR.dat"
13:47:52.163 The log file has been saved successfully to "C:\Users\Raw from Noluv\Downloads\aswMBR.txt"

#8
noluv

ComboFix 13-01-31.03 - Raw from Noluv 01/21/2013 14:28:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5883.4589 [GMT -5:00]
Running from: c:\users\Raw from Noluv\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Raw from Noluv\Adobe Photoshop CS6 Extended.exe
c:\users\Raw from Noluv\Taskmgr.exe
c:\users\Raw from Noluv\wevtapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-21 19:46 . 2013-01-21 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-21 19:46 . 2013-01-21 19:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-21 17:37 . 2013-01-21 19:24 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91694B70-484B-421B-B5B0-7EA081D0DDD7}\offreg.dll
2013-01-21 17:23 . 2013-01-21 17:23 -------- d-----w- C:\_OTL
2013-01-21 09:32 . 2013-01-21 09:32 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2013-01-18 06:04 . 2013-01-18 06:04 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Acer
2013-01-18 03:01 . 2013-01-18 03:01 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5F46323-F1B1-4B24-8FB0-86E2FBBE304D}\gapaengine.dll
2013-01-18 03:01 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91694B70-484B-421B-B5B0-7EA081D0DDD7}\mpengine.dll
2013-01-15 13:27 . 2011-03-01 20:30 443040 ----a-w- c:\windows\system32\athihvs.dll
2013-01-15 13:25 . 2010-05-07 16:19 245792 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2013-01-15 13:25 . 2010-03-04 21:30 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2013-01-15 12:33 . 2013-01-15 12:33 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2013-01-15 12:28 . 2013-01-15 12:28 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\WinBatch
2013-01-14 07:45 . 2013-01-14 07:41 120320 ----a-w- c:\windows\system32\E_YLMH3A.DLL
2013-01-14 06:37 . 2013-01-14 06:37 -------- d-----w- c:\programdata\CLSoft LTD
2013-01-14 06:17 . 2013-01-14 06:17 -------- d-----w- c:\program files (x86)\Lavalys
2013-01-14 05:52 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-14 05:49 . 2013-01-14 05:49 -------- d-----we c:\windows\system64
2013-01-13 23:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-13 23:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-13 23:02 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-13 23:02 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-13 23:02 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-13 23:02 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-13 23:02 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-13 23:02 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-13 23:02 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-13 19:45 . 2013-01-13 19:45 -------- d-----w- c:\users\Raw from Noluv\AppData\Local\ABBYY
2013-01-13 19:44 . 2013-01-13 19:46 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2013-01-13 19:44 . 2013-01-13 19:44 -------- d-----w- c:\programdata\ABBYY
2013-01-13 19:44 . 2013-01-13 19:44 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2013-01-13 19:19 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
2013-01-13 19:19 . 2007-03-28 23:26 65536 ----a-w- c:\windows\SysWow64\EEBUtil.dll
2013-01-13 19:08 . 2013-01-13 19:08 -------- d-----w- c:\program files (x86)\Epson America Inc
2013-01-13 19:04 . 2009-12-09 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2013-01-13 19:04 . 2009-10-16 05:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2013-01-13 19:04 . 2009-10-16 05:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2013-01-13 14:03 . 2013-01-13 19:03 83968 ----a-w- c:\windows\system32\E_YD4BH3A.DLL
2013-01-12 03:51 . 2013-01-12 03:51 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Leader Technologies
2013-01-12 02:37 . 2013-01-14 07:49 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Epson
2013-01-12 02:17 . 2013-01-12 02:17 -------- d-----w- c:\users\Raw from Noluv\AppData\Local\Unizeal_Corp
2013-01-12 02:16 . 2013-01-12 02:16 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Leadertech
2013-01-12 02:13 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-01-12 02:13 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-01-12 02:13 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-01-12 02:13 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-01-12 02:13 . 2004-03-16 18:05 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-01-12 02:13 . 2013-01-18 06:03 -------- d-----w- c:\program files (x86)\LTCM Client
2013-01-12 02:13 . 2013-01-12 02:13 -------- d-----w- c:\programdata\UDL
2013-01-12 02:07 . 2013-01-13 19:07 -------- d-----w- c:\program files (x86)\epson
2013-01-12 02:06 . 2013-01-13 19:51 -------- d-----w- c:\program files (x86)\Epson Software
2013-01-12 02:03 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2013-01-12 02:03 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2013-01-12 02:03 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2013-01-12 02:03 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2013-01-12 02:03 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2013-01-12 02:03 . 2013-01-12 02:03 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\InstallShield
2013-01-12 02:03 . 2008-08-08 03:09 108032 ----a-w- c:\windows\system32\E_ILMFFA.DLL
2013-01-12 02:02 . 2007-12-07 02:01 81408 ----a-w- c:\windows\system32\E_IBCBFFA.DLL
2013-01-12 02:02 . 2013-01-13 19:23 -------- d-----w- c:\programdata\EPSON
2013-01-12 02:00 . 2006-05-09 13:58 615984 ----a-w- c:\windows\SysWow64\vsflex8n.ocx
2013-01-12 02:00 . 2007-07-30 16:28 847872 ----a-w- c:\windows\SysWow64\PowerButton.ocx
2013-01-12 02:00 . 2006-09-20 20:21 497488 ----a-w- c:\windows\SysWow64\XceedZip.dll
2013-01-12 02:00 . 2013-01-12 02:00 -------- d-----w- c:\program files (x86)\Final Publisher Pro
2013-01-12 01:58 . 2013-01-12 01:58 709719 ----a-w- c:\windows\unins000.exe
2013-01-12 01:57 . 2013-01-14 05:48 -------- d-----w- c:\windows\SysWow64\URTTEMP
2013-01-12 01:52 . 2005-08-03 21:05 35892 ----a-w- c:\windows\SysWow64\SER9PL.sys
2013-01-12 01:52 . 2005-08-03 21:04 26719 ----a-w- c:\windows\SysWow64\SERSPL.VXD
2013-01-05 05:47 . 2013-01-05 05:53 -------- d-----w- c:\users\Raw from Noluv\The Walking Dead Season 3 Complete(Ep 1-8) HDTV x264 [VectoR]
2013-01-05 02:03 . 2013-01-05 02:31 -------- d-----w- c:\users\Raw from Noluv\Seven.Psychopaths.2012.DVDSCR.XviD-AbSurdiTy
2013-01-05 01:19 . 2013-01-05 01:19 -------- d-----w- c:\users\Raw from Noluv\Django Unchained[2012]REPACK DVDScr XviD-ETRG
2013-01-05 01:16 . 2013-01-05 01:17 -------- d-----w- c:\users\Raw from Noluv\Flight.2012.DVDSCR.x264.AAC-BiGKATS
2013-01-05 01:16 . 2013-01-05 01:20 -------- d-----w- c:\users\Raw from Noluv\Lincoln.2012.DVDSCR.XViD.AC3-FooKaS
2013-01-05 01:15 . 2013-01-05 01:20 -------- d-----w- c:\users\Raw from Noluv\Killing.Them.Softly.2012.DVDRip.XviD.AC3-nLiBRA
2013-01-05 01:12 . 2013-01-05 01:12 -------- d-----w- c:\users\Raw from Noluv\Django Unchained 2012 DVDSCR X264 AAC-P2P
2013-01-05 00:12 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-05 00:12 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-05 00:12 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-05 00:12 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-05 00:12 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-05 00:12 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-05 00:12 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-05 00:12 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-05 00:12 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-05 00:12 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-05 00:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-05 00:10 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-27 14:26 . 2012-12-27 14:29 -------- d-----w- c:\users\Raw from Noluv\Kidz Bop Kids
2012-12-27 14:26 . 2012-12-29 22:25 -------- d-----w- c:\users\Raw from Noluv\Kidz Bop Kids 17
2012-12-27 14:26 . 2012-12-27 14:52 -------- d-----w- c:\users\Raw from Noluv\Kidz Bop Kids- 15 (2009)
2012-12-27 14:25 . 2012-12-27 14:26 -------- d-----w- c:\users\Raw from Noluv\Victorious
2012-12-24 09:02 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-24 09:02 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-24 09:02 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-24 09:02 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 23:51 . 2012-04-21 04:48 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-04 23:51 . 2011-06-11 09:10 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 22:31 . 2010-12-26 18:51 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 04:45 . 2013-01-05 00:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-26 20:07 . 2012-05-01 15:47 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-14 07:06 . 2012-12-13 08:23 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 08:23 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 08:23 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 08:23 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 08:23 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 08:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 08:23 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 08:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 08:23 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 08:23 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 08:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 08:23 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 08:23 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 08:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 08:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 08:23 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 08:23 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 08:41 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 08:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 08:40 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 08:40 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
.
c:\users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - c:\users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe [2011-3-26 2561024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 fhwdlbbb;fhwdlbbb;c:\windows\system32\drivers\fhwdlbbb.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [2010-03-27 359040]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2010-03-27 62976]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2012-05-26 438376]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-12 126952]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEMSD0227;ZTE Dummy MSD Device 0227;c:\windows\system32\Drivers\ZTEMSD0227.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-02-28 82560]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-02-28 42624]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\HPCeeScheduleForRaw from Noluv.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-23 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\
FF - ExtSQL: !HIDDEN! 2011-01-19 09:24; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\standard_1.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-21 14:50:39
ComboFix-quarantined-files.txt 2013-01-21 19:50
ComboFix2.txt 2013-01-14 05:34
.
Pre-Run: 38,239,158,272 bytes free
Post-Run: 39,768,633,344 bytes free
.
- - End Of File - - 030325672AD84FC58FCAB37717ED14E8

#9
noluv

  • Topic Starter
  • Member
  • 123 posts
14:54:03.0579 1044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:54:04.0047 1044 ============================================================
14:54:04.0047 1044 Current date / time: 2013/01/21 14:54:04.0047
14:54:04.0047 1044 SystemInfo:
14:54:04.0047 1044
14:54:04.0047 1044 OS Version: 6.1.7601 ServicePack: 1.0
14:54:04.0047 1044 Product type: Workstation
14:54:04.0047 1044 ComputerName: MMG
14:54:04.0047 1044 UserName: Raw from Noluv
14:54:04.0047 1044 Windows directory: C:\Windows
14:54:04.0047 1044 System windows directory: C:\Windows
14:54:04.0047 1044 Running under WOW64
14:54:04.0047 1044 Processor architecture: Intel x64
14:54:04.0047 1044 Number of processors: 2
14:54:04.0047 1044 Page size: 0x1000
14:54:04.0047 1044 Boot type: Normal boot
14:54:04.0047 1044 ============================================================
14:54:05.0217 1044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:54:05.0232 1044 ============================================================
14:54:05.0232 1044 \Device\Harddisk0\DR0:
14:54:05.0232 1044 MBR partitions:
14:54:05.0232 1044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:54:05.0232 1044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x230E6000
14:54:05.0232 1044 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2314A000, BlocksNum 0x22B0800
14:54:05.0232 1044 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
14:54:05.0232 1044 ============================================================
14:54:05.0279 1044 C: <-> \Device\Harddisk0\DR0\Partition2
14:54:05.0326 1044 D: <-> \Device\Harddisk0\DR0\Partition3
14:54:05.0326 1044 F: <-> \Device\Harddisk0\DR0\Partition4
14:54:05.0326 1044 ============================================================
14:54:05.0326 1044 Initialize success
14:54:05.0326 1044 ============================================================
14:54:08.0774 2300 ============================================================
14:54:08.0774 2300 Scan started
14:54:08.0774 2300 Mode: Manual;
14:54:08.0774 2300 ============================================================
14:54:09.0928 2300 ================ Scan system memory ========================
14:54:09.0928 2300 System memory - ok
14:54:09.0928 2300 ================ Scan services =============================
14:54:10.0240 2300 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:54:10.0240 2300 1394ohci - ok
14:54:10.0396 2300 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
14:54:10.0412 2300 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
14:54:10.0458 2300 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:54:10.0474 2300 ACPI - ok
14:54:10.0521 2300 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:54:10.0521 2300 AcpiPmi - ok
14:54:10.0770 2300 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:54:10.0770 2300 AdobeFlashPlayerUpdateSvc - ok
14:54:10.0817 2300 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:54:10.0833 2300 adp94xx - ok
14:54:10.0895 2300 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:54:10.0895 2300 adpahci - ok
14:54:10.0926 2300 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:54:10.0942 2300 adpu320 - ok
14:54:10.0989 2300 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:54:10.0989 2300 AeLookupSvc - ok
14:54:11.0160 2300 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:54:11.0160 2300 AERTFilters - ok
14:54:11.0254 2300 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:54:11.0254 2300 AFD - ok
14:54:11.0316 2300 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:54:11.0316 2300 agp440 - ok
14:54:11.0394 2300 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:54:11.0394 2300 ALG - ok
14:54:11.0426 2300 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:54:11.0426 2300 aliide - ok
14:54:11.0472 2300 [ 29C151492510640343B00B63996E4070 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:54:11.0472 2300 AMD External Events Utility - ok
14:54:11.0550 2300 AMD FUEL Service - ok
14:54:11.0566 2300 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:54:11.0566 2300 amdide - ok
14:54:11.0613 2300 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
14:54:11.0613 2300 amdiox64 - ok
14:54:11.0660 2300 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:54:11.0660 2300 AmdK8 - ok
14:54:11.0940 2300 [ 2C9C4824664C61351FF1E0169262D026 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:54:12.0065 2300 amdkmdag - ok
14:54:12.0112 2300 [ EF7382689D3B17AC2983202E7A40AB45 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:54:12.0112 2300 amdkmdap - ok
14:54:12.0143 2300 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:54:12.0143 2300 AmdPPM - ok
14:54:12.0174 2300 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:54:12.0174 2300 amdsata - ok
14:54:12.0206 2300 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:54:12.0206 2300 amdsbs - ok
14:54:12.0221 2300 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
14:54:12.0221 2300 amdxata - ok
14:54:12.0252 2300 [ A4947E035B441D946422BD9A5D411C98 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
14:54:12.0268 2300 amd_sata - ok
14:54:12.0346 2300 [ 7A0E0CE7AECEE3F175CB2DAC81694499 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
14:54:12.0346 2300 amd_xata - ok
14:54:12.0408 2300 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
14:54:12.0424 2300 androidusb - ok
14:54:12.0486 2300 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:54:12.0486 2300 AODDriver4.1 - ok
14:54:12.0533 2300 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:54:12.0533 2300 AppID - ok
14:54:12.0611 2300 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:54:12.0611 2300 AppIDSvc - ok
14:54:12.0627 2300 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:54:12.0627 2300 Appinfo - ok
14:54:12.0674 2300 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:54:12.0674 2300 arc - ok
14:54:12.0720 2300 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:54:12.0720 2300 arcsas - ok
14:54:12.0845 2300 aspnet_state - ok
14:54:12.0876 2300 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:54:12.0876 2300 AsyncMac - ok
14:54:12.0939 2300 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:54:12.0939 2300 atapi - ok
14:54:13.0313 2300 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:54:13.0360 2300 athr - ok
14:54:13.0438 2300 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:54:13.0438 2300 AtiHDAudioService - ok
14:54:13.0485 2300 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
14:54:13.0500 2300 AtiHdmiService - ok
14:54:13.0516 2300 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:54:13.0516 2300 AtiPcie - ok
14:54:13.0578 2300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:54:13.0594 2300 AudioEndpointBuilder - ok
14:54:13.0625 2300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:54:13.0641 2300 AudioSrv - ok
14:54:13.0656 2300 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:54:13.0672 2300 AxInstSV - ok
14:54:13.0719 2300 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:54:13.0719 2300 b06bdrv - ok
14:54:13.0750 2300 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:54:13.0750 2300 b57nd60a - ok
14:54:13.0812 2300 [ D1BA00D7CB6C1FBF29DC8935D8525D22 ] bcm C:\Windows\system32\DRIVERS\drxvi314_64.sys
14:54:13.0812 2300 bcm - ok
14:54:13.0844 2300 [ 5CCD19E7FA04DB87ADF171FA702A4169 ] bcmbusctr C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
14:54:13.0844 2300 bcmbusctr - ok
14:54:13.0906 2300 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:54:13.0906 2300 BDESVC - ok
14:54:13.0953 2300 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:54:13.0953 2300 Beep - ok
14:54:14.0062 2300 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:54:14.0062 2300 BFE - ok
14:54:14.0156 2300 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:54:14.0171 2300 BITS - ok
14:54:14.0218 2300 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:54:14.0218 2300 blbdrive - ok
14:54:14.0249 2300 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:54:14.0265 2300 bowser - ok
14:54:14.0296 2300 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:54:14.0296 2300 BrFiltLo - ok
14:54:14.0312 2300 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:54:14.0312 2300 BrFiltUp - ok
14:54:14.0327 2300 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:54:14.0343 2300 BridgeMP - ok
14:54:14.0421 2300 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:54:14.0421 2300 Browser - ok
14:54:14.0452 2300 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:54:14.0468 2300 Brserid - ok
14:54:14.0483 2300 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:54:14.0483 2300 BrSerWdm - ok
14:54:14.0499 2300 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:54:14.0499 2300 BrUsbMdm - ok
14:54:14.0530 2300 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:54:14.0530 2300 BrUsbSer - ok
14:54:14.0546 2300 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:54:14.0546 2300 BTHMODEM - ok
14:54:14.0608 2300 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:54:14.0608 2300 bthserv - ok
14:54:14.0655 2300 catchme - ok
14:54:14.0733 2300 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:54:14.0733 2300 cdfs - ok
14:54:14.0795 2300 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:54:14.0795 2300 cdrom - ok
14:54:14.0842 2300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:54:14.0842 2300 CertPropSvc - ok
14:54:14.0951 2300 [ 533328A3D9A9C286682525842547540C ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
14:54:14.0951 2300 CinemaNow Service - ok
14:54:14.0998 2300 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:54:14.0998 2300 circlass - ok
14:54:15.0060 2300 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:54:15.0076 2300 CLFS - ok
14:54:15.0123 2300 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:54:15.0123 2300 clr_optimization_v2.0.50727_32 - ok
14:54:15.0232 2300 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:54:15.0232 2300 clr_optimization_v2.0.50727_64 - ok
14:54:15.0388 2300 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:54:15.0388 2300 clr_optimization_v4.0.30319_32 - ok
14:54:15.0482 2300 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:54:15.0497 2300 clr_optimization_v4.0.30319_64 - ok
14:54:15.0528 2300 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:54:15.0528 2300 CmBatt - ok
14:54:15.0544 2300 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:54:15.0544 2300 cmdide - ok
14:54:15.0606 2300 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
14:54:15.0606 2300 CNG - ok
14:54:15.0638 2300 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:54:15.0638 2300 Compbatt - ok
14:54:15.0669 2300 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:54:15.0669 2300 CompositeBus - ok
14:54:15.0669 2300 COMSysApp - ok
14:54:15.0684 2300 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:54:15.0684 2300 crcdisk - ok
14:54:15.0747 2300 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:54:15.0762 2300 CryptSvc - ok
14:54:15.0887 2300 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:54:15.0903 2300 cvhsvc - ok
14:54:15.0965 2300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:54:15.0981 2300 DcomLaunch - ok
14:54:16.0043 2300 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:54:16.0059 2300 defragsvc - ok
14:54:16.0074 2300 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:54:16.0074 2300 DfsC - ok
14:54:16.0106 2300 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:54:16.0106 2300 Dhcp - ok
14:54:16.0121 2300 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:54:16.0121 2300 discache - ok
14:54:16.0137 2300 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:54:16.0137 2300 Disk - ok
14:54:16.0199 2300 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:54:16.0199 2300 Dnscache - ok
14:54:16.0230 2300 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:54:16.0230 2300 dot3svc - ok
14:54:16.0277 2300 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:54:16.0277 2300 Dot4 - ok
14:54:16.0293 2300 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:54:16.0308 2300 Dot4Print - ok
14:54:16.0324 2300 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:54:16.0324 2300 dot4usb - ok
14:54:16.0386 2300 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:54:16.0386 2300 DPS - ok
14:54:16.0418 2300 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:54:16.0418 2300 drmkaud - ok
14:54:16.0496 2300 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:54:16.0511 2300 DXGKrnl - ok
14:54:16.0574 2300 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:54:16.0574 2300 EapHost - ok
14:54:16.0714 2300 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:54:16.0761 2300 ebdrv - ok
14:54:16.0808 2300 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:54:16.0808 2300 EFS - ok
14:54:16.0917 2300 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:54:16.0917 2300 ehRecvr - ok
14:54:16.0948 2300 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:54:16.0948 2300 ehSched - ok
14:54:16.0995 2300 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:54:17.0010 2300 elxstor - ok
14:54:17.0135 2300 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
14:54:17.0135 2300 EpsonBidirectionalService - ok
14:54:17.0229 2300 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
14:54:17.0244 2300 EpsonCustomerParticipation - ok
14:54:17.0276 2300 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:54:17.0276 2300 ErrDev - ok
14:54:17.0369 2300 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:54:17.0385 2300 EventSystem - ok
14:54:17.0463 2300 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:54:17.0463 2300 exfat - ok
14:54:17.0478 2300 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:54:17.0478 2300 fastfat - ok
14:54:17.0572 2300 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:54:17.0588 2300 Fax - ok
14:54:17.0634 2300 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:54:17.0634 2300 fdc - ok
14:54:17.0681 2300 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:54:17.0681 2300 fdPHost - ok
14:54:17.0697 2300 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:54:17.0697 2300 FDResPub - ok
14:54:17.0775 2300 fhwdlbbb - ok
14:54:17.0822 2300 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:54:17.0822 2300 FileInfo - ok
14:54:17.0884 2300 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:54:17.0884 2300 Filetrace - ok
14:54:17.0915 2300 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:54:17.0915 2300 flpydisk - ok
14:54:17.0946 2300 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:54:17.0946 2300 FltMgr - ok
14:54:18.0024 2300 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:54:18.0056 2300 FontCache - ok
14:54:18.0134 2300 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:54:18.0134 2300 FontCache3.0.0.0 - ok
14:54:18.0180 2300 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:54:18.0180 2300 FsDepends - ok
14:54:18.0227 2300 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:54:18.0243 2300 fssfltr - ok
14:54:18.0383 2300 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:54:18.0399 2300 fsssvc - ok
14:54:18.0430 2300 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:54:18.0430 2300 Fs_Rec - ok
14:54:18.0477 2300 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:54:18.0477 2300 fvevol - ok
14:54:18.0524 2300 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:54:18.0524 2300 gagp30kx - ok
14:54:18.0617 2300 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:54:18.0617 2300 GameConsoleService - ok
14:54:18.0711 2300 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:54:18.0711 2300 gpsvc - ok
14:54:18.0836 2300 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:54:18.0851 2300 gupdate - ok
14:54:18.0898 2300 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:54:18.0898 2300 gupdatem - ok
14:54:18.0992 2300 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:54:18.0992 2300 gusvc - ok
14:54:19.0007 2300 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:54:19.0007 2300 hcw85cir - ok
14:54:19.0054 2300 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:54:19.0070 2300 HdAudAddService - ok
14:54:19.0085 2300 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:54:19.0085 2300 HDAudBus - ok
14:54:19.0116 2300 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:54:19.0116 2300 HidBatt - ok
14:54:19.0148 2300 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:54:19.0148 2300 HidBth - ok
14:54:19.0163 2300 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:54:19.0179 2300 HidIr - ok
14:54:19.0226 2300 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:54:19.0226 2300 hidserv - ok
14:54:19.0272 2300 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:54:19.0272 2300 HidUsb - ok
14:54:19.0335 2300 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:54:19.0335 2300 hkmsvc - ok
14:54:19.0397 2300 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:54:19.0413 2300 HomeGroupListener - ok
14:54:19.0475 2300 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:54:19.0475 2300 HomeGroupProvider - ok
14:54:19.0600 2300 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:54:19.0600 2300 HP Support Assistant Service - ok
14:54:19.0678 2300 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:54:19.0678 2300 HP Wireless Assistant Service - ok
14:54:19.0818 2300 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:54:19.0818 2300 hpqcxs08 - ok
14:54:19.0834 2300 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:54:19.0850 2300 hpqddsvc - ok
14:54:19.0943 2300 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:54:19.0959 2300 hpqwmiex - ok
14:54:19.0990 2300 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:54:20.0006 2300 HpSAMD - ok
14:54:20.0068 2300 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:54:20.0084 2300 HPSLPSVC - ok
14:54:20.0193 2300 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:54:20.0193 2300 HPWMISVC - ok
14:54:20.0271 2300 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:54:20.0286 2300 HTTP - ok
14:54:20.0302 2300 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:54:20.0302 2300 hwpolicy - ok
14:54:20.0318 2300 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:54:20.0318 2300 i8042prt - ok
14:54:20.0380 2300 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:54:20.0396 2300 iaStorV - ok
14:54:20.0536 2300 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:54:20.0552 2300 idsvc - ok
14:54:20.0754 2300 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:54:20.0848 2300 igfx - ok
14:54:20.0879 2300 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:54:20.0879 2300 iirsp - ok
14:54:20.0973 2300 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:54:20.0988 2300 IKEEXT - ok
14:54:21.0129 2300 [ D311E2DD59A34079D89C249B2A4D9FDB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:54:21.0160 2300 IntcAzAudAddService - ok
14:54:21.0207 2300 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:54:21.0207 2300 intelide - ok
14:54:21.0238 2300 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:54:21.0238 2300 intelppm - ok
14:54:21.0285 2300 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:54:21.0300 2300 IPBusEnum - ok
14:54:21.0316 2300 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:54:21.0332 2300 IpFilterDriver - ok
14:54:21.0425 2300 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:54:21.0441 2300 iphlpsvc - ok
14:54:21.0488 2300 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:54:21.0488 2300 IPMIDRV - ok
14:54:21.0534 2300 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:54:21.0534 2300 IPNAT - ok
14:54:21.0550 2300 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:54:21.0550 2300 IRENUM - ok
14:54:21.0597 2300 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:54:21.0597 2300 isapnp - ok
14:54:21.0628 2300 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:54:21.0628 2300 iScsiPrt - ok
14:54:21.0659 2300 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:54:21.0659 2300 kbdclass - ok
14:54:21.0690 2300 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:54:21.0690 2300 kbdhid - ok
14:54:21.0722 2300 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:54:21.0722 2300 KeyIso - ok
14:54:21.0768 2300 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:54:21.0784 2300 KSecDD - ok
14:54:21.0831 2300 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:54:21.0846 2300 KSecPkg - ok
14:54:21.0862 2300 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:54:21.0862 2300 ksthunk - ok
14:54:21.0924 2300 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:54:21.0924 2300 KtmRm - ok
14:54:22.0002 2300 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:54:22.0018 2300 LanmanServer - ok
14:54:22.0065 2300 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:54:22.0080 2300 LanmanWorkstation - ok
14:54:22.0174 2300 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:54:22.0190 2300 LightScribeService - ok
14:54:22.0236 2300 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:54:22.0236 2300 lltdio - ok
14:54:22.0268 2300 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:54:22.0283 2300 lltdsvc - ok
14:54:22.0314 2300 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:54:22.0314 2300 lmhosts - ok
14:54:22.0408 2300 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
14:54:22.0408 2300 LPCFilter - ok
14:54:22.0470 2300 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:54:22.0486 2300 LSI_FC - ok
14:54:22.0502 2300 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:54:22.0517 2300 LSI_SAS - ok
14:54:22.0533 2300 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:54:22.0533 2300 LSI_SAS2 - ok
14:54:22.0580 2300 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:54:22.0580 2300 LSI_SCSI - ok
14:54:22.0626 2300 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:54:22.0626 2300 luafv - ok
14:54:22.0798 2300 [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
14:54:22.0798 2300 McComponentHostService - ok
14:54:22.0860 2300 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:54:22.0860 2300 Mcx2Svc - ok
14:54:22.0923 2300 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:54:22.0923 2300 megasas - ok
14:54:22.0954 2300 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:54:22.0954 2300 MegaSR - ok
14:54:23.0094 2300 Microsoft SharePoint Workspace Audit Service - ok
14:54:23.0157 2300 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:54:23.0157 2300 MMCSS - ok
14:54:23.0219 2300 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:54:23.0219 2300 Modem - ok
14:54:23.0282 2300 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:54:23.0282 2300 monitor - ok
14:54:23.0344 2300 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:54:23.0344 2300 mouclass - ok
14:54:23.0375 2300 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:54:23.0375 2300 mouhid - ok
14:54:23.0391 2300 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:54:23.0391 2300 mountmgr - ok
14:54:23.0516 2300 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:54:23.0516 2300 MozillaMaintenance - ok
14:54:23.0640 2300 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:54:23.0656 2300 MpFilter - ok
14:54:23.0718 2300 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:54:23.0718 2300 mpio - ok
14:54:23.0765 2300 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:54:23.0765 2300 mpsdrv - ok
14:54:23.0921 2300 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:54:23.0937 2300 MpsSvc - ok
14:54:24.0015 2300 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:54:24.0015 2300 MRxDAV - ok
14:54:24.0030 2300 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:54:24.0046 2300 mrxsmb - ok
14:54:24.0077 2300 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:54:24.0077 2300 mrxsmb10 - ok
14:54:24.0093 2300 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:54:24.0093 2300 mrxsmb20 - ok
14:54:24.0140 2300 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:54:24.0155 2300 msahci - ok
14:54:24.0186 2300 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:54:24.0186 2300 msdsm - ok
14:54:24.0233 2300 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:54:24.0233 2300 MSDTC - ok
14:54:24.0280 2300 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:54:24.0280 2300 Msfs - ok
14:54:24.0296 2300 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:54:24.0311 2300 mshidkmdf - ok
14:54:24.0374 2300 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:54:24.0374 2300 msisadrv - ok
14:54:24.0452 2300 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:54:24.0452 2300 MSiSCSI - ok
14:54:24.0467 2300 msiserver - ok
14:54:24.0498 2300 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:54:24.0498 2300 MSKSSRV - ok
14:54:24.0608 2300 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:54:24.0608 2300 MsMpSvc - ok
14:54:24.0623 2300 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:54:24.0623 2300 MSPCLOCK - ok
14:54:24.0639 2300 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:54:24.0639 2300 MSPQM - ok
14:54:24.0670 2300 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:54:24.0686 2300 MsRPC - ok
14:54:24.0732 2300 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:54:24.0732 2300 mssmbios - ok
14:54:24.0748 2300 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:54:24.0748 2300 MSTEE - ok
14:54:24.0779 2300 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:54:24.0779 2300 MTConfig - ok
14:54:24.0810 2300 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:54:24.0810 2300 Mup - ok
14:54:24.0888 2300 [ 08835780CC6A5CFF5275101B5A9D17A4 ] MxEFUF C:\Windows\system32\DRIVERS\MxEFUF64.sys
14:54:24.0888 2300 MxEFUF - ok
14:54:24.0982 2300 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:54:24.0982 2300 napagent - ok
14:54:25.0060 2300 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:54:25.0060 2300 NativeWifiP - ok
14:54:25.0138 2300 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:54:25.0154 2300 NDIS - ok
14:54:25.0216 2300 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:54:25.0216 2300 NdisCap - ok
14:54:25.0232 2300 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:54:25.0232 2300 NdisTapi - ok
14:54:25.0247 2300 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:54:25.0263 2300 Ndisuio - ok
14:54:25.0278 2300 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:54:25.0278 2300 NdisWan - ok
14:54:25.0310 2300 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:54:25.0310 2300 NDProxy - ok
14:54:25.0528 2300 [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
14:54:25.0544 2300 Nero BackItUp Scheduler 3 - ok
14:54:25.0590 2300 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:54:25.0590 2300 Net Driver HPZ12 - ok
14:54:25.0653 2300 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:54:25.0668 2300 NetBIOS - ok
14:54:25.0684 2300 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:54:25.0684 2300 NetBT - ok
14:54:25.0731 2300 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:54:25.0731 2300 Netlogon - ok
14:54:25.0793 2300 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:54:25.0793 2300 Netman - ok
14:54:25.0871 2300 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:54:25.0871 2300 netprofm - ok
14:54:25.0934 2300 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:54:25.0934 2300 NetTcpPortSharing - ok
14:54:26.0136 2300 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
14:54:26.0230 2300 netw5v64 - ok
14:54:26.0261 2300 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:54:26.0261 2300 nfrd960 - ok
14:54:26.0355 2300 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:54:26.0370 2300 NisDrv - ok
14:54:26.0402 2300 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:54:26.0402 2300 NisSrv - ok
14:54:26.0433 2300 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:54:26.0448 2300 NlaSvc - ok
14:54:26.0558 2300 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
14:54:26.0573 2300 NMIndexingService - ok
14:54:26.0729 2300 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
14:54:26.0776 2300 NOBU - ok
14:54:26.0823 2300 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:54:26.0823 2300 Npfs - ok
14:54:26.0885 2300 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:54:26.0901 2300 nsi - ok
14:54:26.0916 2300 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:54:26.0916 2300 nsiproxy - ok
14:54:27.0026 2300 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:54:27.0057 2300 Ntfs - ok
14:54:27.0088 2300 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:54:27.0088 2300 Null - ok
14:54:27.0150 2300 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:54:27.0150 2300 nvraid - ok
14:54:27.0182 2300 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:54:27.0182 2300 nvstor - ok
14:54:27.0213 2300 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:54:27.0213 2300 nv_agp - ok
14:54:27.0260 2300 [ F79633A8B7DB75CB5FAD53B02985A414 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
14:54:27.0260 2300 NWADI - ok
14:54:27.0306 2300 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:54:27.0306 2300 ohci1394 - ok
14:54:27.0369 2300 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:54:27.0384 2300 ose - ok
14:54:27.0650 2300 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:54:27.0712 2300 osppsvc - ok
14:54:27.0806 2300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:54:27.0821 2300 p2pimsvc - ok
14:54:27.0852 2300 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:54:27.0868 2300 p2psvc - ok
14:54:27.0915 2300 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:54:27.0930 2300 Parport - ok
14:54:27.0993 2300 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:54:27.0993 2300 partmgr - ok
14:54:28.0008 2300 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:54:28.0008 2300 PcaSvc - ok
14:54:28.0055 2300 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:54:28.0071 2300 pci - ok
14:54:28.0102 2300 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:54:28.0102 2300 pciide - ok
14:54:28.0149 2300 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:54:28.0149 2300 pcmcia - ok
14:54:28.0164 2300 PCTINDIS5X64 - ok
14:54:28.0196 2300 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:54:28.0196 2300 pcw - ok
14:54:28.0227 2300 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:54:28.0242 2300 PEAUTH - ok
14:54:28.0414 2300 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:54:28.0414 2300 PerfHost - ok
14:54:28.0570 2300 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:54:28.0601 2300 pla - ok
14:54:28.0648 2300 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
14:54:28.0648 2300 PLFlash DeviceIoControl Service - ok
14:54:28.0742 2300 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:54:28.0742 2300 PlugPlay - ok
14:54:28.0804 2300 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:54:28.0804 2300 Pml Driver HPZ12 - ok
14:54:28.0882 2300 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:54:28.0882 2300 PNRPAutoReg - ok
14:54:28.0913 2300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:54:28.0929 2300 PNRPsvc - ok
14:54:29.0007 2300 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:54:29.0022 2300 PolicyAgent - ok
14:54:29.0054 2300 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:54:29.0054 2300 Power - ok
14:54:29.0132 2300 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:54:29.0132 2300 PptpMiniport - ok
14:54:29.0194 2300 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:54:29.0194 2300 Processor - ok
14:54:29.0272 2300 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:54:29.0272 2300 ProfSvc - ok
14:54:29.0334 2300 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:54:29.0334 2300 ProtectedStorage - ok
14:54:29.0397 2300 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:54:29.0397 2300 Psched - ok
14:54:29.0459 2300 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:54:29.0459 2300 PxHlpa64 - ok
14:54:29.0537 2300 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:54:29.0568 2300 ql2300 - ok
14:54:29.0600 2300 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:54:29.0600 2300 ql40xx - ok
14:54:29.0693 2300 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:54:29.0693 2300 QWAVE - ok
14:54:29.0724 2300 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:54:29.0724 2300 QWAVEdrv - ok
14:54:29.0756 2300 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:54:29.0756 2300 RasAcd - ok
14:54:29.0818 2300 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:54:29.0818 2300 RasAgileVpn - ok
14:54:29.0865 2300 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:54:29.0865 2300 RasAuto - ok
14:54:29.0896 2300 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:54:29.0896 2300 Rasl2tp - ok
14:54:29.0943 2300 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:54:29.0943 2300 RasMan - ok
14:54:29.0974 2300 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:54:29.0974 2300 RasPppoe - ok
14:54:30.0021 2300 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:54:30.0021 2300 RasSstp - ok
14:54:30.0052 2300 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:54:30.0052 2300 rdbss - ok
14:54:30.0114 2300 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:54:30.0114 2300 rdpbus - ok
14:54:30.0130 2300 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:54:30.0130 2300 RDPCDD - ok
14:54:30.0177 2300 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:54:30.0177 2300 RDPENCDD - ok
14:54:30.0224 2300 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:54:30.0224 2300 RDPREFMP - ok
14:54:30.0317 2300 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:54:30.0317 2300 RdpVideoMiniport - ok
14:54:30.0333 2300 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:54:30.0348 2300 RDPWD - ok
14:54:30.0395 2300 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:54:30.0395 2300 rdyboost - ok
14:54:30.0473 2300 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:54:30.0473 2300 RemoteAccess - ok
14:54:30.0614 2300 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:54:30.0614 2300 RemoteRegistry - ok
14:54:30.0676 2300 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:54:30.0676 2300 RpcEptMapper - ok
14:54:30.0754 2300 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:54:30.0754 2300 RpcLocator - ok
14:54:30.0816 2300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
14:54:30.0832 2300 RpcSs - ok
14:54:30.0894 2300 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:54:30.0894 2300 rspndr - ok
14:54:31.0019 2300 [ 22D6B47D004A6568C500680BE2972854 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:54:31.0019 2300 RSUSBSTOR - ok
14:54:31.0097 2300 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:54:31.0113 2300 RTL8167 - ok
14:54:31.0206 2300 [ 573B3EB59948A23C5FBAD48D90056817 ] RTLE8023x64 C:\Windows\system32\DRIVERS\Rtenic64.sys
14:54:31.0222 2300 RTLE8023x64 - ok
14:54:31.0362 2300 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
14:54:31.0378 2300 RtVOsdService - ok
14:54:31.0425 2300 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:54:31.0425 2300 SamSs - ok
14:54:31.0472 2300 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:54:31.0487 2300 sbp2port - ok
14:54:31.0550 2300 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:54:31.0565 2300 SCardSvr - ok
14:54:31.0612 2300 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:54:31.0612 2300 scfilter - ok
14:54:31.0706 2300 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:54:31.0737 2300 Schedule - ok
14:54:31.0784 2300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:54:31.0799 2300 SCPolicySvc - ok
14:54:31.0862 2300 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
14:54:31.0862 2300 sdbus - ok
14:54:31.0924 2300 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:54:31.0924 2300 SDRSVC - ok
14:54:31.0971 2300 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:54:31.0986 2300 secdrv - ok
14:54:32.0033 2300 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:54:32.0033 2300 seclogon - ok
14:54:32.0064 2300 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:54:32.0080 2300 SENS - ok
14:54:32.0111 2300 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:54:32.0111 2300 SensrSvc - ok
14:54:32.0205 2300 [ 052D4299E72FFFCCD9A168ADCDF5C450 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
14:54:32.0205 2300 Ser2pl - ok
14:54:32.0252 2300 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:54:32.0252 2300 Serenum - ok
14:54:32.0314 2300 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:54:32.0314 2300 Serial - ok
14:54:32.0361 2300 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:54:32.0361 2300 sermouse - ok
14:54:32.0470 2300 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:54:32.0486 2300 SessionEnv - ok
14:54:32.0517 2300 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:54:32.0532 2300 sffdisk - ok
14:54:32.0564 2300 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:54:32.0564 2300 sffp_mmc - ok
14:54:32.0595 2300 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:54:32.0595 2300 sffp_sd - ok
14:54:32.0626 2300 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:54:32.0626 2300 sfloppy - ok
14:54:32.0688 2300 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
14:54:32.0704 2300 Sftfs - ok
14:54:32.0844 2300 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
14:54:32.0844 2300 sftlist - ok
14:54:32.0907 2300 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:54:32.0907 2300 Sftplay - ok
14:54:32.0969 2300 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:54:32.0969 2300 Sftredir - ok
14:54:33.0000 2300 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
14:54:33.0000 2300 Sftvol - ok
14:54:33.0063 2300 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
14:54:33.0063 2300 sftvsa - ok
14:54:33.0156 2300 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:54:33.0172 2300 SharedAccess - ok
14:54:33.0219 2300 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:54:33.0234 2300 ShellHWDetection - ok
14:54:33.0297 2300 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:54:33.0297 2300 SiSRaid2 - ok
14:54:33.0328 2300 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:54:33.0328 2300 SiSRaid4 - ok
14:54:33.0406 2300 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:54:33.0406 2300 Smb - ok
14:54:33.0515 2300 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:54:33.0531 2300 SNMPTRAP - ok
14:54:33.0546 2300 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:54:33.0546 2300 spldr - ok
14:54:33.0624 2300 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:54:33.0640 2300 Spooler - ok
14:54:33.0827 2300 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:54:33.0874 2300 sppsvc - ok
14:54:33.0921 2300 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:54:33.0921 2300 sppuinotify - ok
14:54:33.0999 2300 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:54:34.0014 2300 srv - ok
14:54:34.0046 2300 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:54:34.0046 2300 srv2 - ok
14:54:34.0124 2300 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:54:34.0124 2300 SrvHsfHDA - ok
14:54:34.0217 2300 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:54:34.0233 2300 SrvHsfV92 - ok
14:54:34.0295 2300 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:54:34.0311 2300 SrvHsfWinac - ok
14:54:34.0342 2300 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:54:34.0342 2300 srvnet - ok
14:54:34.0404 2300 [ 866F8212EF7E75BAC8BCA03331E30CB4 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
14:54:34.0404 2300 ssadbus - ok
14:54:34.0436 2300 [ 73E2BA39E7EB024DC686412E2E924A74 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:54:34.0436 2300 ssadmdfl - ok
14:54:34.0482 2300 [ 74B032D6C1E36AE2F790752FDE8CE055 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
14:54:34.0482 2300 ssadmdm - ok
14:54:34.0576 2300 [ 2B44CA7DAFA820DC5756006CFCCC8D72 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
14:54:34.0576 2300 ssadserd - ok
14:54:34.0623 2300 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
14:54:34.0638 2300 sscdbus - ok
14:54:34.0670 2300 [ 5447690D2CFE1BDE1BE3A5A5A3E2F796 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:54:34.0670 2300 sscdmdfl - ok
14:54:34.0716 2300 [ BFDA292053AEB76A0C1D63B2279D5138 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
14:54:34.0716 2300 sscdmdm - ok
14:54:34.0763 2300 [ 208731A751357DD71C5A0345C77AFD0A ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
14:54:34.0763 2300 sscdserd - ok
14:54:34.0841 2300 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:54:34.0841 2300 SSDPSRV - ok
14:54:34.0904 2300 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:54:34.0904 2300 SstpSvc - ok
14:54:35.0013 2300 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:54:35.0013 2300 stexstor - ok
14:54:35.0106 2300 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:54:35.0122 2300 stisvc - ok
14:54:35.0184 2300 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:54:35.0184 2300 swenum - ok
14:54:35.0325 2300 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:54:35.0340 2300 SwitchBoard - ok
14:54:35.0387 2300 [ A8E9E76CC2F342F205273702969C84C9 ] swmx00 C:\Windows\system32\DRIVERS\swmx00.sys
14:54:35.0387 2300 swmx00 - ok
14:54:35.0450 2300 [ B053610BB36D9BD1BFF7102727427600 ] SWNC5E00 C:\Windows\system32\DRIVERS\SWNC5E00.sys
14:54:35.0465 2300 SWNC5E00 - ok
14:54:35.0528 2300 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:54:35.0543 2300 swprv - ok
14:54:35.0637 2300 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:54:35.0637 2300 SynTP - ok
14:54:35.0730 2300 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:54:35.0762 2300 SysMain - ok
14:54:35.0808 2300 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:54:35.0808 2300 TabletInputService - ok
14:54:35.0886 2300 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:54:35.0902 2300 TapiSrv - ok
14:54:35.0949 2300 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:54:35.0964 2300 TBS - ok
14:54:36.0074 2300 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:54:36.0105 2300 Tcpip - ok
14:54:36.0198 2300 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:54:36.0214 2300 TCPIP6 - ok
14:54:36.0308 2300 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:54:36.0308 2300 tcpipreg - ok
14:54:36.0401 2300 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:54:36.0401 2300 TDPIPE - ok
14:54:36.0432 2300 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:54:36.0432 2300 TDTCP - ok
14:54:36.0510 2300 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:54:36.0510 2300 tdx - ok
14:54:36.0542 2300 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:54:36.0542 2300 TermDD - ok
14:54:36.0620 2300 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:54:36.0635 2300 TermService - ok
14:54:36.0698 2300 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:54:36.0698 2300 Themes - ok
14:54:36.0776 2300 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:54:36.0791 2300 THREADORDER - ok
14:54:36.0822 2300 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:54:36.0838 2300 TrkWks - ok
14:54:36.0932 2300 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:54:36.0932 2300 TrustedInstaller - ok
14:54:37.0025 2300 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:37.0025 2300 tssecsrv - ok
14:54:37.0103 2300 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:54:37.0103 2300 TsUsbFlt - ok
14:54:37.0119 2300 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:54:37.0134 2300 tunnel - ok
14:54:37.0197 2300 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:54:37.0197 2300 uagp35 - ok
14:54:37.0228 2300 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:54:37.0228 2300 udfs - ok
14:54:37.0337 2300 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:54:37.0337 2300 UI0Detect - ok
14:54:37.0400 2300 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:54:37.0400 2300 uliagpkx - ok
14:54:37.0431 2300 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:54:37.0446 2300 umbus - ok
14:54:37.0493 2300 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:54:37.0493 2300 UmPass - ok
14:54:37.0540 2300 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:54:37.0556 2300 upnphost - ok
14:54:37.0618 2300 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:37.0618 2300 usbccgp - ok
14:54:37.0665 2300 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:54:37.0665 2300 usbcir - ok
14:54:37.0712 2300 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:54:37.0712 2300 usbehci - ok
14:54:37.0743 2300 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:54:37.0743 2300 usbfilter - ok
14:54:37.0790 2300 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:54:37.0790 2300 usbhub - ok
14:54:37.0836 2300 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:54:37.0836 2300 usbohci - ok
14:54:37.0868 2300 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:54:37.0868 2300 usbprint - ok
14:54:37.0961 2300 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:54:37.0961 2300 usbscan - ok
14:54:38.0024 2300 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:54:38.0024 2300 USBSTOR - ok
14:54:38.0102 2300 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:54:38.0102 2300 usbuhci - ok
14:54:38.0148 2300 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:54:38.0148 2300 usbvideo - ok
14:54:38.0242 2300 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
14:54:38.0242 2300 usb_rndisx - ok
14:54:38.0304 2300 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:54:38.0320 2300 UxSms - ok
14:54:38.0382 2300 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:54:38.0382 2300 VaultSvc - ok
14:54:38.0445 2300 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:54:38.0445 2300 vdrvroot - ok
14:54:38.0507 2300 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:54:38.0523 2300 vds - ok
14:54:38.0570 2300 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:54:38.0570 2300 vga - ok
14:54:38.0616 2300 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:54:38.0616 2300 VgaSave - ok
14:54:38.0694 2300 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:54:38.0694 2300 vhdmp - ok
14:54:38.0741 2300 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:54:38.0757 2300 viaide - ok
14:54:38.0788 2300 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:54:38.0788 2300 volmgr - ok
14:54:38.0850 2300 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:54:38.0850 2300 volmgrx - ok
14:54:38.0897 2300 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:54:38.0897 2300 volsnap - ok
14:54:38.0960 2300 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:54:38.0960 2300 vsmraid - ok
14:54:39.0069 2300 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:54:39.0100 2300 VSS - ok
14:54:39.0131 2300 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:54:39.0147 2300 vwifibus - ok
14:54:39.0162 2300 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:54:39.0178 2300 vwififlt - ok
14:54:39.0225 2300 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:54:39.0225 2300 vwifimp - ok
14:54:39.0256 2300 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:54:39.0272 2300 W32Time - ok
14:54:39.0350 2300 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:54:39.0350 2300 WacomPen - ok
14:54:39.0381 2300 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:54:39.0381 2300 WANARP - ok
14:54:39.0412 2300 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:54:39.0428 2300 Wanarpv6 - ok
14:54:39.0506 2300 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:54:39.0537 2300 WatAdminSvc - ok
14:54:39.0646 2300 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:54:39.0677 2300 wbengine - ok
14:54:39.0708 2300 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:54:39.0724 2300 WbioSrvc - ok
14:54:39.0755 2300 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:54:39.0771 2300 wcncsvc - ok
14:54:39.0802 2300 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:54:39.0818 2300 WcsPlugInService - ok
14:54:39.0864 2300 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:54:39.0864 2300 Wd - ok
14:54:39.0958 2300 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:54:39.0974 2300 Wdf01000 - ok
14:54:40.0052 2300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:54:40.0052 2300 WdiServiceHost - ok
14:54:40.0098 2300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:54:40.0098 2300 WdiSystemHost - ok
14:54:40.0145 2300 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:54:40.0145 2300 WebClient - ok
14:54:40.0208 2300 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:54:40.0208 2300 Wecsvc - ok
14:54:40.0254 2300 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:54:40.0254 2300 wercplsupport - ok
14:54:40.0286 2300 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:54:40.0286 2300 WerSvc - ok
14:54:40.0364 2300 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:54:40.0364 2300 WfpLwf - ok
14:54:40.0395 2300 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:54:40.0395 2300 WIMMount - ok
14:54:40.0473 2300 WinDefend - ok
14:54:40.0504 2300 WinHttpAutoProxySvc - ok
14:54:40.0644 2300 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:54:40.0660 2300 Winmgmt - ok
14:54:40.0785 2300 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:54:40.0816 2300 WinRM - ok
14:54:40.0956 2300 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:54:40.0956 2300 WinUsb - ok
14:54:41.0034 2300 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:54:41.0050 2300 Wlansvc - ok
14:54:41.0175 2300 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:54:41.0175 2300 wlcrasvc - ok
14:54:41.0393 2300 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:54:41.0424 2300 wlidsvc - ok
14:54:41.0487 2300 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:54:41.0487 2300 WmiAcpi - ok
14:54:41.0596 2300 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:54:41.0596 2300 wmiApSrv - ok
14:54:41.0643 2300 WMPNetworkSvc - ok
14:54:41.0705 2300 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:54:41.0705 2300 WPCSvc - ok
14:54:41.0736 2300 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:54:41.0752 2300 WPDBusEnum - ok
14:54:41.0814 2300 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:54:41.0814 2300 ws2ifsl - ok
14:54:41.0877 2300 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:54:41.0892 2300 wscsvc - ok
14:54:41.0908 2300 WSearch - ok
14:54:42.0064 2300 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:54:42.0111 2300 wuauserv - ok
14:54:42.0173 2300 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:54:42.0189 2300 WudfPf - ok
14:54:42.0236 2300 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:54:42.0236 2300 WUDFRd - ok
14:54:42.0298 2300 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:54:42.0314 2300 wudfsvc - ok
14:54:42.0376 2300 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:54:42.0392 2300 WwanSvc - ok
14:54:42.0470 2300 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
14:54:42.0485 2300 yukonw7 - ok
14:54:42.0548 2300 ZTEMSD0227 - ok
14:54:42.0688 2300 ================ Scan global ===============================
14:54:42.0750 2300 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:54:42.0828 2300 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:54:42.0844 2300 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:54:42.0906 2300 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:54:42.0938 2300 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:54:42.0953 2300 [Global] - ok
14:54:42.0953 2300 ================ Scan MBR ==================================
14:54:42.0984 2300 [ 5B0FE4F8B89E44902B10336475518E06 ] \Device\Harddisk0\DR0
14:54:43.0312 2300 \Device\Harddisk0\DR0 - ok
14:54:43.0312 2300 ================ Scan VBR ==================================
14:54:43.0312 2300 [ 99A21F5A25140FAAC241FEE80C2404F2 ] \Device\Harddisk0\DR0\Partition1
14:54:43.0328 2300 \Device\Harddisk0\DR0\Partition1 - ok
14:54:43.0343 2300 [ CAF481E5CAB69E0C1206485F1023E10C ] \Device\Harddisk0\DR0\Partition2
14:54:43.0343 2300 \Device\Harddisk0\DR0\Partition2 - ok
14:54:43.0374 2300 [ B87AB114ABF593134227C05262F4405C ] \Device\Harddisk0\DR0\Partition3
14:54:43.0390 2300 \Device\Harddisk0\DR0\Partition3 - ok
14:54:43.0437 2300 [ C874B4BC5E63D34D7BE04FBB77B16C32 ] \Device\Harddisk0\DR0\Partition4
14:54:43.0452 2300 \Device\Harddisk0\DR0\Partition4 - ok
14:54:43.0452 2300 ============================================================
14:54:43.0452 2300 Scan finished
14:54:43.0452 2300 ============================================================
14:54:43.0468 2056 Detected object count: 0
14:54:43.0468 2056 Actual detected object count: 0
14:55:31.0266 4328 ============================================================
14:55:31.0266 4328 Scan started
14:55:31.0266 4328 Mode: Manual; SigCheck; TDLFS;
14:55:31.0266 4328 ============================================================
14:55:33.0092 4328 ================ Scan system memory ========================
14:55:33.0092 4328 System memory - ok
14:55:33.0092 4328 ================ Scan services =============================
14:55:33.0388 4328 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:55:33.0497 4328 1394ohci - ok
14:55:33.0638 4328 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
14:55:33.0653 4328 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
14:55:33.0716 4328 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:55:33.0747 4328 ACPI - ok
14:55:33.0778 4328 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:55:33.0903 4328 AcpiPmi - ok
14:55:34.0152 4328 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:55:34.0199 4328 AdobeFlashPlayerUpdateSvc - ok
14:55:34.0246 4328 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:55:34.0293 4328 adp94xx - ok
14:55:34.0340 4328 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:55:34.0386 4328 adpahci - ok
14:55:34.0402 4328 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:55:34.0433 4328 adpu320 - ok
14:55:34.0496 4328 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:55:34.0605 4328 AeLookupSvc - ok
14:55:34.0761 4328 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:55:34.0776 4328 AERTFilters - ok
14:55:34.0839 4328 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:55:34.0901 4328 AFD - ok
14:55:34.0948 4328 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:55:34.0979 4328 agp440 - ok
14:55:35.0026 4328 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:55:35.0088 4328 ALG - ok
14:55:35.0104 4328 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:55:35.0135 4328 aliide - ok
14:55:35.0182 4328 [ 29C151492510640343B00B63996E4070 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:55:35.0260 4328 AMD External Events Utility - ok
14:55:35.0307 4328 AMD FUEL Service - ok
14:55:35.0322 4328 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:55:35.0354 4328 amdide - ok
14:55:35.0400 4328 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
14:55:35.0432 4328 amdiox64 - ok
14:55:35.0463 4328 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:55:35.0510 4328 AmdK8 - ok
14:55:35.0806 4328 [ 2C9C4824664C61351FF1E0169262D026 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:55:36.0071 4328 amdkmdag - ok
14:55:36.0118 4328 [ EF7382689D3B17AC2983202E7A40AB45 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:55:36.0165 4328 amdkmdap - ok
14:55:36.0212 4328 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:55:36.0243 4328 AmdPPM - ok
14:55:36.0258 4328 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:55:36.0290 4328 amdsata - ok
14:55:36.0305 4328 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:55:36.0352 4328 amdsbs - ok
14:55:36.0368 4328 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
14:55:36.0399 4328 amdxata - ok
14:55:36.0430 4328 [ A4947E035B441D946422BD9A5D411C98 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
14:55:36.0446 4328 amd_sata - ok
14:55:36.0477 4328 [ 7A0E0CE7AECEE3F175CB2DAC81694499 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
14:55:36.0508 4328 amd_xata - ok
14:55:36.0555 4328 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
14:55:36.0586 4328 androidusb - ok
14:55:36.0633 4328 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:55:36.0648 4328 AODDriver4.1 - ok
14:55:36.0695 4328 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:55:36.0804 4328 AppID - ok
14:55:36.0851 4328 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:55:36.0960 4328 AppIDSvc - ok
14:55:36.0976 4328 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:55:37.0070 4328 Appinfo - ok
14:55:37.0101 4328 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:55:37.0132 4328 arc - ok
14:55:37.0179 4328 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:55:37.0194 4328 arcsas - ok
14:55:37.0272 4328 aspnet_state - ok
14:55:37.0304 4328 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:55:37.0397 4328 AsyncMac - ok
14:55:37.0460 4328 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:55:37.0475 4328 atapi - ok
14:55:37.0678 4328 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:55:37.0850 4328 athr - ok
14:55:37.0896 4328 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:55:37.0912 4328 AtiHDAudioService - ok
14:55:37.0974 4328 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
14:55:37.0990 4328 AtiHdmiService - ok
14:55:38.0021 4328 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:55:38.0037 4328 AtiPcie - ok
14:55:38.0099 4328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:55:38.0208 4328 AudioEndpointBuilder - ok
14:55:38.0240 4328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:55:38.0349 4328 AudioSrv - ok
14:55:38.0364 4328 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:55:38.0442 4328 AxInstSV - ok
14:55:38.0489 4328 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:55:38.0536 4328 b06bdrv - ok
14:55:38.0567 4328 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:55:38.0630 4328 b57nd60a - ok
14:55:38.0676 4328 [ D1BA00D7CB6C1FBF29DC8935D8525D22 ] bcm C:\Windows\system32\DRIVERS\drxvi314_64.sys
14:55:38.0723 4328 bcm - ok
14:55:38.0754 4328 [ 5CCD19E7FA04DB87ADF171FA702A4169 ] bcmbusctr C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
14:55:38.0786 4328 bcmbusctr - ok
14:55:38.0832 4328 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:55:38.0895 4328 BDESVC - ok
14:55:38.0942 4328 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:55:39.0035 4328 Beep - ok
14:55:39.0066 4328 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:55:39.0191 4328 BFE - ok
14:55:39.0269 4328 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:55:39.0378 4328 BITS - ok
14:55:39.0410 4328 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:55:39.0456 4328 blbdrive - ok
14:55:39.0488 4328 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:55:39.0519 4328 bowser - ok
14:55:39.0550 4328 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:55:39.0597 4328 BrFiltLo - ok
14:55:39.0612 4328 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:55:39.0644 4328 BrFiltUp - ok
14:55:39.0659 4328 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:55:39.0753 4328 BridgeMP - ok
14:55:39.0800 4328 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:55:39.0831 4328 Browser - ok
14:55:39.0878 4328 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:55:39.0909 4328 Brserid - ok
14:55:39.0940 4328 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:55:39.0987 4328 BrSerWdm - ok
14:55:40.0002 4328 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:55:40.0065 4328 BrUsbMdm - ok
14:55:40.0096 4328 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:55:40.0112 4328 BrUsbSer - ok
14:55:40.0158 4328 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:55:40.0205 4328 BTHMODEM - ok
14:55:40.0252 4328 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:55:40.0346 4328 bthserv - ok
14:55:40.0361 4328 catchme - ok
14:55:40.0424 4328 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:55:40.0533 4328 cdfs - ok
14:55:40.0580 4328 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:55:40.0626 4328 cdrom - ok
14:55:40.0673 4328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:55:40.0782 4328 CertPropSvc - ok
14:55:40.0892 4328 [ 533328A3D9A9C286682525842547540C ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
14:55:40.0907 4328 CinemaNow Service - ok
14:55:40.0954 4328 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:55:41.0001 4328 circlass - ok
14:55:41.0063 4328 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:55:41.0110 4328 CLFS - ok
14:55:41.0157 4328 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:55:41.0188 4328 clr_optimization_v2.0.50727_32 - ok
14:55:41.0297 4328 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:55:41.0313 4328 clr_optimization_v2.0.50727_64 - ok
14:55:41.0469 4328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:55:41.0485 4328 clr_optimization_v4.0.30319_32 - ok
14:55:41.0594 4328 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:55:41.0625 4328 clr_optimization_v4.0.30319_64 - ok
14:55:41.0672 4328 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:55:41.0719 4328 CmBatt - ok
14:55:41.0750 4328 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:55:41.0765 4328 cmdide - ok
14:55:41.0812 4328 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
14:55:41.0875 4328 CNG - ok
14:55:41.0906 4328 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:55:41.0937 4328 Compbatt - ok
14:55:41.0953 4328 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:55:41.0984 4328 CompositeBus - ok
14:55:41.0999 4328 COMSysApp - ok
14:55:42.0015 4328 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:55:42.0046 4328 crcdisk - ok
14:55:42.0093 4328 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:55:42.0124 4328 CryptSvc - ok
14:55:42.0265 4328 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:55:42.0327 4328 cvhsvc - ok
14:55:42.0389 4328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:55:42.0483 4328 DcomLaunch - ok
14:55:42.0545 4328 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:55:42.0670 4328 defragsvc - ok
14:55:42.0701 4328 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:55:42.0811 4328 DfsC - ok
14:55:42.0857 4328 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:55:42.0920 4328 Dhcp - ok
14:55:42.0935 4328 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:55:43.0029 4328 discache - ok
14:55:43.0045 4328 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:55:43.0076 4328 Disk - ok
14:55:43.0107 4328 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:55:43.0169 4328 Dnscache - ok
14:55:43.0216 4328 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:55:43.0325 4328 dot3svc - ok
14:55:43.0372 4328 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:55:43.0403 4328 Dot4 - ok
14:55:43.0435 4328 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:55:43.0466 4328 Dot4Print - ok
14:55:43.0481 4328 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:55:43.0528 4328 dot4usb - ok
14:55:43.0591 4328 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:55:43.0700 4328 DPS - ok
14:55:43.0731 4328 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:55:43.0793 4328 drmkaud - ok
14:55:43.0856 4328 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:55:43.0918 4328 DXGKrnl - ok
14:55:43.0981 4328 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:55:44.0105 4328 EapHost - ok
14:55:44.0215 4328 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:55:44.0355 4328 ebdrv - ok
14:55:44.0402 4328 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:55:44.0433 4328 EFS - ok
14:55:44.0527 4328 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:55:44.0589 4328 ehRecvr - ok
14:55:44.0605 4328 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:55:44.0636 4328 ehSched - ok
14:55:44.0729 4328 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:55:44.0776 4328 elxstor - ok
14:55:44.0870 4328 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
14:55:44.0885 4328 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
14:55:44.0885 4328 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
14:55:44.0963 4328 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
14:55:44.0995 4328 EpsonCustomerParticipation - ok
14:55:45.0026 4328 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:55:45.0073 4328 ErrDev - ok
14:55:45.0135 4328 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:55:45.0244 4328 EventSystem - ok
14:55:45.0307 4328 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:55:45.0416 4328 exfat - ok
14:55:45.0431 4328 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:55:45.0556 4328 fastfat - ok
14:55:45.0619 4328 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:55:45.0697 4328 Fax - ok
14:55:45.0743 4328 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:55:45.0775 4328 fdc - ok
14:55:45.0821 4328 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:55:45.0915 4328 fdPHost - ok
14:55:45.0931 4328 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:55:46.0040 4328 FDResPub - ok
14:55:46.0055 4328 fhwdlbbb - ok
14:55:46.0102 4328 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:55:46.0133 4328 FileInfo - ok
14:55:46.0211 4328 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:55:46.0305 4328 Filetrace - ok
14:55:46.0352 4328 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:55:46.0367 4328 flpydisk - ok
14:55:46.0399 4328 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:55:46.0430 4328 FltMgr - ok
14:55:46.0508 4328 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:55:46.0601 4328 FontCache - ok
14:55:46.0664 4328 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:55:46.0679 4328 FontCache3.0.0.0 - ok
14:55:46.0726 4328 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:55:46.0757 4328 FsDepends - ok
14:55:46.0820 4328 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:55:46.0835 4328 fssfltr - ok
14:55:46.0976 4328 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:55:47.0054 4328 fsssvc - ok
14:55:47.0085 4328 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:55:47.0116 4328 Fs_Rec - ok
14:55:47.0147 4328 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:55:47.0194 4328 fvevol - ok
14:55:47.0225 4328 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:55:47.0257 4328 gagp30kx - ok
14:55:47.0350 4328 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:55:47.0381 4328 GameConsoleService - ok
14:55:47.0459 4328 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:55:47.0584 4328 gpsvc - ok
14:55:47.0693 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:55:47.0725 4328 gupdate - ok
14:55:47.0740 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:55:47.0771 4328 gupdatem - ok
14:55:47.0834 4328 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:55:47.0865 4328 gusvc - ok
14:55:47.0896 4328 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:55:47.0943 4328 hcw85cir - ok
14:55:47.0974 4328 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:55:48.0037 4328 HdAudAddService - ok
14:55:48.0068 4328 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:55:48.0130 4328 HDAudBus - ok
14:55:48.0161 4328 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:55:48.0177 4328 HidBatt - ok
14:55:48.0208 4328 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:55:48.0271 4328 HidBth - ok
14:55:48.0286 4328 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:55:48.0333 4328 HidIr - ok
14:55:48.0380 4328 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:55:48.0505 4328 hidserv - ok
14:55:48.0536 4328 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:55:48.0551 4328 HidUsb - ok
14:55:48.0614 4328 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:55:48.0707 4328 hkmsvc - ok
14:55:48.0754 4328 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:55:48.0801 4328 HomeGroupListener - ok
14:55:48.0863 4328 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:55:48.0926 4328 HomeGroupProvider - ok
14:55:49.0019 4328 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:55:49.0035 4328 HP Support Assistant Service - ok
14:55:49.0113 4328 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:55:49.0144 4328 HP Wireless Assistant Service - ok
14:55:49.0285 4328 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:55:49.0316 4328 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:55:49.0316 4328 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:55:49.0331 4328 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:55:49.0347 4328 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:55:49.0347 4328 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:55:49.0441 4328 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:55:49.0487 4328 hpqwmiex - ok
14:55:49.0534 4328 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:55:49.0565 4328 HpSAMD - ok
14:55:49.0659 4328 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:55:49.0690 4328 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:55:49.0690 4328 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:55:49.0753 4328 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:55:49.0768 4328 HPWMISVC - ok
14:55:49.0846 4328 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:55:49.0955 4328 HTTP - ok
14:55:49.0971 4328 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:55:50.0002 4328 hwpolicy - ok
14:55:50.0018 4328 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:55:50.0049 4328 i8042prt - ok
14:55:50.0111 4328 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:55:50.0158 4328 iaStorV - ok
14:55:50.0314 4328 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:55:50.0361 4328 idsvc - ok
14:55:50.0564 4328 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:55:50.0767 4328 igfx - ok
14:55:50.0798 4328 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:55:50.0829 4328 iirsp - ok
14:55:50.0923 4328 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:55:51.0016 4328 IKEEXT - ok
14:55:51.0157 4328 [ D311E2DD59A34079D89C249B2A4D9FDB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:55:51.0281 4328 IntcAzAudAddService - ok
14:55:51.0328 4328 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:55:51.0344 4328 intelide - ok
14:55:51.0375 4328 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:55:51.0422 4328 intelppm - ok
14:55:51.0469 4328 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:55:51.0593 4328 IPBusEnum - ok
14:55:51.0625 4328 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:55:51.0703 4328 IpFilterDriver - ok
14:55:51.0781 4328 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:55:51.0827 4328 iphlpsvc - ok
14:55:51.0890 4328 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:55:51.0921 4328 IPMIDRV - ok
14:55:51.0983 4328 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:55:52.0108 4328 IPNAT - ok
14:55:52.0124 4328 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:55:52.0155 4328 IRENUM - ok
14:55:52.0186 4328 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:55:52.0217 4328 isapnp - ok
14:55:52.0249 4328 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:55:52.0295 4328 iScsiPrt - ok
14:55:52.0311 4328 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:55:52.0342 4328 kbdclass - ok
14:55:52.0358 4328 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:55:52.0405 4328 kbdhid - ok
14:55:52.0436 4328 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:55:52.0467 4328 KeyIso - ok
14:55:52.0529 4328 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:55:52.0561 4328 KSecDD - ok
14:55:52.0607 4328 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:55:52.0639 4328 KSecPkg - ok
14:55:52.0654 4328 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:55:52.0763 4328 ksthunk - ok
14:55:52.0826 4328 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:55:52.0919 4328 KtmRm - ok
14:55:52.0982 4328 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:55:53.0122 4328 LanmanServer - ok
14:55:53.0169 4328 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:55:53.0278 4328 LanmanWorkstation - ok
14:55:53.0387 4328 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:55:53.0387 4328 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:55:53.0387 4328 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:55:53.0450 4328 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:55:53.0559 4328 lltdio - ok
14:55:53.0606 4328 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:55:53.0699 4328 lltdsvc - ok
14:55:53.0731 4328 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:55:53.0824 4328 lmhosts - ok
14:55:53.0871 4328 [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
14:55:53.0902 4328 LPCFilter - ok
14:55:53.0965 4328 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:55:53.0996 4328 LSI_FC - ok
14:55:54.0011 4328 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:55:54.0043 4328 LSI_SAS - ok
14:55:54.0074 4328 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:55:54.0105 4328 LSI_SAS2 - ok
14:55:54.0121 4328 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:55:54.0152 4328 LSI_SCSI - ok
14:55:54.0199 4328 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:55:54.0292 4328 luafv - ok
14:55:54.0448 4328 [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
14:55:54.0479 4328 McComponentHostService - ok
14:55:54.0542 4328 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:55:54.0573 4328 Mcx2Svc - ok
14:55:54.0635 4328 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:55:54.0667 4328 megasas - ok
14:55:54.0682 4328 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:55:54.0729 4328 MegaSR - ok
14:55:54.0807 4328 Microsoft SharePoint Workspace Audit Service - ok
14:55:54.0869 4328 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:55:54.0963 4328 MMCSS - ok
14:55:54.0979 4328 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:55:55.0103 4328 Modem - ok
14:55:55.0135 4328 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:55:55.0181 4328 monitor - ok
14:55:55.0213 4328 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:55:55.0244 4328 mouclass - ok
14:55:55.0275 4328 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:55:55.0322 4328 mouhid - ok
14:55:55.0337 4328 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:55:55.0369 4328 mountmgr - ok
14:55:55.0462 4328 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:55:55.0493 4328 MozillaMaintenance - ok
14:55:55.0571 4328 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:55:55.0618 4328 MpFilter - ok
14:55:55.0681 4328 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:55:55.0712 4328 mpio - ok
14:55:55.0759 4328 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:55:55.0852 4328 mpsdrv - ok
14:55:55.0930 4328 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:55:56.0055 4328 MpsSvc - ok
14:55:56.0102 4328 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:55:56.0149 4328 MRxDAV - ok
14:55:56.0180 4328 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:55:56.0195 4328 mrxsmb - ok
14:55:56.0227 4328 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:55:56.0258 4328 mrxsmb10 - ok
14:55:56.0273 4328 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:55:56.0305 4328 mrxsmb20 - ok
14:55:56.0336 4328 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:55:56.0367 4328 msahci - ok
14:55:56.0414 4328 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:55:56.0445 4328 msdsm - ok
14:55:56.0507 4328 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:55:56.0554 4328 MSDTC - ok
14:55:56.0632 4328 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:55:56.0726 4328 Msfs - ok
14:55:56.0741 4328 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:55:56.0835 4328 mshidkmdf - ok
14:55:56.0897 4328 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:55:56.0929 4328 msisadrv - ok
14:55:56.0975 4328 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:55:57.0100 4328 MSiSCSI - ok
14:55:57.0116 4328 msiserver - ok
14:55:57.0147 4328 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:55:57.0225 4328 MSKSSRV - ok
14:55:57.0287 4328 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:55:57.0319 4328 MsMpSvc - ok
14:55:57.0334 4328 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:55:57.0443 4328 MSPCLOCK - ok
14:55:57.0459 4328 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:55:57.0568 4328 MSPQM - ok
14:55:57.0599 4328 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:55:57.0646 4328 MsRPC - ok
14:55:57.0677 4328 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:55:57.0709 4328 mssmbios - ok
14:55:57.0740 4328 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:55:57.0818 4328 MSTEE - ok
14:55:57.0865 4328 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:55:57.0896 4328 MTConfig - ok
14:55:57.0911 4328 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:55:57.0943 4328 Mup - ok
14:55:57.0989 4328 [ 08835780CC6A5CFF5275101B5A9D17A4 ] MxEFUF C:\Windows\system32\DRIVERS\MxEFUF64.sys
14:55:58.0036 4328 MxEFUF - ok
14:55:58.0114 4328 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:55:58.0239 4328 napagent - ok
14:55:58.0301 4328 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:55:58.0379 4328 NativeWifiP - ok
14:55:58.0457 4328 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:55:58.0520 4328 NDIS - ok
14:55:58.0551 4328 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:55:58.0645 4328 NdisCap - ok
14:55:58.0660 4328 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:55:58.0754 4328 NdisTapi - ok
14:55:58.0769 4328 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:55:58.0879 4328 Ndisuio - ok
14:55:58.0894 4328 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:55:58.0988 4328 NdisWan - ok
14:55:59.0019 4328 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:55:59.0097 4328 NDProxy - ok
14:55:59.0300 4328 [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
14:55:59.0362 4328 Nero BackItUp Scheduler 3 - ok
14:55:59.0425 4328 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:55:59.0456 4328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:55:59.0456 4328 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:55:59.0503 4328 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:55:59.0612 4328 NetBIOS - ok
14:55:59.0643 4328 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:55:59.0737 4328 NetBT - ok
14:55:59.0768 4328 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:55:59.0799 4328 Netlogon - ok
14:55:59.0846 4328 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:55:59.0955 4328 Netman - ok
14:56:00.0017 4328 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:56:00.0142 4328 netprofm - ok
14:56:00.0189 4328 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:56:00.0205 4328 NetTcpPortSharing - ok
14:56:00.0407 4328 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
14:56:00.0595 4328 netw5v64 - ok
14:56:00.0641 4328 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:56:00.0657 4328 nfrd960 - ok
14:56:00.0719 4328 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:56:00.0751 4328 NisDrv - ok
14:56:00.0813 4328 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:56:00.0860 4328 NisSrv - ok
14:56:00.0907 4328 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:56:00.0953 4328 NlaSvc - ok
14:56:01.0063 4328 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
14:56:01.0094 4328 NMIndexingService - ok
14:56:01.0265 4328 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
14:56:01.0390 4328 NOBU - ok
14:56:01.0484 4328 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:56:01.0577 4328 Npfs - ok
14:56:01.0640 4328 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:56:01.0765 4328 nsi - ok
14:56:01.0780 4328 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:56:01.0874 4328 nsiproxy - ok
14:56:01.0967 4328 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:56:02.0061 4328 Ntfs - ok
14:56:02.0108 4328 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:56:02.0186 4328 Null - ok
14:56:02.0248 4328 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:56:02.0279 4328 nvraid - ok
14:56:02.0311 4328 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:56:02.0342 4328 nvstor - ok
14:56:02.0373 4328 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:56:02.0404 4328 nv_agp - ok
14:56:02.0451 4328 [ F79633A8B7DB75CB5FAD53B02985A414 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
14:56:02.0467 4328 NWADI - ok
14:56:02.0513 4328 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:56:02.0529 4328 ohci1394 - ok
14:56:02.0607 4328 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:56:02.0638 4328 ose - ok
14:56:02.0919 4328 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:56:03.0137 4328 osppsvc - ok
14:56:03.0215 4328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:56:03.0231 4328 p2pimsvc - ok
14:56:03.0278 4328 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:56:03.0325 4328 p2psvc - ok
14:56:03.0371 4328 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:56:03.0418 4328 Parport - ok
14:56:03.0481 4328 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:56:03.0512 4328 partmgr - ok
14:56:03.0574 4328 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:56:03.0652 4328 PcaSvc - ok
14:56:03.0683 4328 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:56:03.0715 4328 pci - ok
14:56:03.0761 4328 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:56:03.0793 4328 pciide - ok
14:56:03.0824 4328 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:56:03.0855 4328 pcmcia - ok
14:56:03.0886 4328 PCTINDIS5X64 - ok
14:56:03.0933 4328 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:56:03.0964 4328 pcw - ok
14:56:04.0011 4328 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:56:04.0120 4328 PEAUTH - ok
14:56:04.0276 4328 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:56:04.0323 4328 PerfHost - ok
14:56:04.0479 4328 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:56:04.0635 4328 pla - ok
14:56:04.0682 4328 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
14:56:04.0697 4328 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
14:56:04.0697 4328 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
14:56:04.0760 4328 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:56:04.0822 4328 PlugPlay - ok
14:56:04.0885 4328 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:56:04.0900 4328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:56:04.0900 4328 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:56:09.0861 4328 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
14:56:09.0908 4328 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
14:56:09.0908 4328 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
14:56:16.0491 4328 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:56:16.0522 4328 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:56:16.0522 4328 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:56:29.0111 4328 ================ Scan global ===============================
14:56:29.0174 4328 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:56:29.0236 4328 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:56:29.0267 4328 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:56:29.0330 4328 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:56:29.0361 4328 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:56:29.0361 4328 [Global] - ok
14:56:29.0361 4328 ================ Scan MBR ==================================
14:56:29.0423 4328 [ 5B0FE4F8B89E44902B10336475518E06 ] \Device\Harddisk0\DR0
14:56:29.0876 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:56:29.0876 4328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:56:29.0876 4328 ================ Scan VBR ==================================
14:56:29.0891 4328 [ 99A21F5A25140FAAC241FEE80C2404F2 ] \Device\Harddisk0\DR0\Partition1
14:56:29.0891 4328 \Device\Harddisk0\DR0\Partition1 - ok
14:56:29.0923 4328 [ CAF481E5CAB69E0C1206485F1023E10C ] \Device\Harddisk0\DR0\Partition2
14:56:29.0923 4328 \Device\Harddisk0\DR0\Partition2 - ok
14:56:29.0969 4328 [ B87AB114ABF593134227C05262F4405C ] \Device\Harddisk0\DR0\Partition3
14:56:29.0969 4328 \Device\Harddisk0\DR0\Partition3 - ok
14:56:29.0985 4328 [ C874B4BC5E63D34D7BE04FBB77B16C32 ] \Device\Harddisk0\DR0\Partition4
14:56:30.0001 4328 \Device\Harddisk0\DR0\Partition4 - ok
14:56:30.0001 4328 ============================================================
14:56:30.0001 4328 Scan finished
14:56:30.0001 4328 ============================================================
14:56:30.0016 2856 Detected object count: 11
14:56:30.0016 2856 Actual detected object count: 11
14:58:32.0024 2856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0024 2856 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0024 2856 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0024 2856 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0040 2856 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0040 2856 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0040 2856 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0040 2856 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0040 2856 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0040 2856 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0040 2856 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0040 2856 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0055 2856 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0055 2856 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0055 2856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0055 2856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0055 2856 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0055 2856 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0071 2856 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:32.0071 2856 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:32.0071 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:58:32.0071 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:58:56.0516 2052 Deinitialize success

#10
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Run TDSSKiller like you just did but this time tell it to DELETE the TDSS File System:

14:58:32.0071 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:58:32.0071 2856 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#11
noluv

    Member

  • Topic Starter
  • Member
  • 123 posts
ok will do
took off old malware and tried to install new but got a dialog box that says
run time error 339
component ieframe.dll or one of its dependencies is not correctly registered a file is missing or invalid

Edited by noluv, 31 January 2013 - 07:45 PM.


#12
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Just skip MBAM for now. I have modified the final OTL scan to look for the missing file.

#13
noluv

    Member

  • Topic Starter
  • Member
  • 123 posts
ok clicked on my computer and clicked on manage it said cannot find the file and make sure I typed it correctly

Edited by noluv, 31 January 2013 - 10:16 PM.


#14
noluv

    Member

  • Topic Starter
  • Member
  • 123 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/01/2013 7:08:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/01/2013 7:12:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/01/2013 5:03:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/01/2013 8:46:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/01/2013 10:45:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/01/2013 11:09:54 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/01/2013 2:45:37 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/01/2013 7:14:37 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/01/2013 4:57:53 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/01/2013 11:30:30 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/01/2013 11:09:59 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/01/2013 11:08:04 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/01/2013 10:03:24 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/01/2013 3:36:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/01/2013 2:37:32 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/01/2013 12:09:36 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/01/2013 11:41:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/01/2013 11:18:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/01/2013 8:34:03 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/01/2013 1:36:58 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/01/2013 11:17:00 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/01/2013 7:46:12 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 21/01/2013 7:44:57 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 21/01/2013 7:35:26 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 21/01/2013 7:22:06 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/01/2013 7:22:06 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/01/2013 7:12:59 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:08:50 PM on 1/21/2013 was unexpected.

Log: 'System' Date/Time: 21/01/2013 6:52:56 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/01/2013 6:52:56 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/01/2013 5:43:00 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 21/01/2013 5:42:48 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Log: 'System' Date/Time: 21/01/2013 5:42:24 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 21/01/2013 5:28:18 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 21/01/2013 5:27:53 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 21/01/2013 5:23:59 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/01/2013 5:06:03 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 21/01/2013 5:05:43 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Log: 'System' Date/Time: 21/01/2013 5:05:09 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 21/01/2013 5:03:49 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:50:40 AM on 1/21/2013 was unexpected.

Log: 'System' Date/Time: 21/01/2013 8:51:24 AM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 21/01/2013 8:50:45 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/01/2013 9:25:39 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 9:21:24 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/01/2013 9:21:24 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 21/01/2013 8:29:52 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 8:25:49 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/01/2013 8:25:49 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 21/01/2013 8:11:04 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.pandasoftware.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/01/2013 8:07:12 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 8:03:03 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/01/2013 8:03:03 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 21/01/2013 7:26:37 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 6:22:52 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll;file:_C:\Users\RAWFRO~1\AppData\Local\Temp\av4141D.tmp;file:_C:\Users\RAWFRO~1\AppData\Local\Temp\av4141E.tmp Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Raw from Noluv\Downloads\aswMBR.exe Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 6:22:52 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll;file:_C:\Users\RAWFRO~1\AppData\Local\Temp\av4141D.tmp Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Raw from Noluv\Downloads\aswMBR.exe Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 6:22:52 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\RAWFRO~1\AppData\Local\Temp\av4141D.tmp Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Raw from Noluv\Downloads\aswMBR.exe Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 6:22:51 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Raw from Noluv\Downloads\aswMBR.exe Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 6:16:42 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Cycbot!cfg&threatid=2147648108 Name: Backdoor:Win32/Cycbot!cfg ID: 2147648108 Severity: Severe Category: Backdoor Path: file:_C:\Users\Raw from Noluv\AppData\Roaming\E24B9\9178.24B Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: MMG\Raw from Noluv Process Name: C:\Users\Raw from Noluv\Downloads\aswMBR.exe Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 6:01:56 PM
Type: Warning Category: 0
Event: 129 Source: amd_sata
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 21/01/2013 5:53:56 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: containerfile:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll;file:_c:\users\raw from noluv\Adobe Photoshop CS6 Extended.exe->(RarSfx)->Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.143.971.0, AS: 1.143.971.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 21/01/2013 5:51:56 PM
Type: Warning Category: 0
Event: 129 Source: amd_sata
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 21/01/2013 5:38:47 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#15
noluv

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/01/2013 7:11:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/01/2013 12:00:00 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 22/01/2013 12:00:00 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 21/01/2013 11:59:24 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
The event description cannot be found.

Log: 'Application' Date/Time: 21/01/2013 11:59:19 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
The event description cannot be found.

Log: 'Application' Date/Time: 21/01/2013 11:26:37 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 21/01/2013 11:26:37 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 21/01/2013 9:24:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Faulting module name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Exception code: 0xc0000005 Fault offset: 0x00086a1f Faulting process id: 0xd5c Faulting application start time: 0x01cdf81db239c77d Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Faulting module path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Report Id: f5df8013-6410-11e2-a2a5-78acc03e8bd9

Log: 'Application' Date/Time: 21/01/2013 9:19:20 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 21/01/2013 9:19:20 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 21/01/2013 9:16:22 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Faulting module name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Exception code: 0xc0000005 Fault offset: 0x00086a1f Faulting process id: 0xfdc Faulting application start time: 0x01cdf81c8eaf44dd Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Faulting module path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Report Id: ce074dd4-640f-11e2-856f-78acc03e8bd9

Log: 'Application' Date/Time: 21/01/2013 8:05:23 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Faulting module name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Exception code: 0xc0000005 Fault offset: 0x00086a1f Faulting process id: 0xed8 Faulting application start time: 0x01cdf8129be27a98 Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Faulting module path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Report Id: e33b19ba-6405-11e2-8810-78acc03e8bd9

Log: 'Application' Date/Time: 21/01/2013 7:43:34 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 21/01/2013 7:43:34 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 21/01/2013 7:21:04 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Faulting module name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Exception code: 0xc0000005 Fault offset: 0x00086a1f Faulting process id: 0x598 Faulting application start time: 0x01cdf80c6da856d8 Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Faulting module path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Report Id: b29a55cd-63ff-11e2-be26-78acc03e8bd9

Log: 'Application' Date/Time: 21/01/2013 5:42:10 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Faulting module name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Exception code: 0xc0000005 Fault offset: 0x00086a1f Faulting process id: 0xb5c Faulting application start time: 0x01cdf7fe97095643 Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Faulting module path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Report Id: e1a4fb3e-63f1-11e2-b32c-78acc03e8bd9

Log: 'Application' Date/Time: 21/01/2013 5:29:12 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Faulting module name: Epson all-in-one Registration.exe, version: 0.5.1.5, time stamp: 0x4d8929a1 Exception code: 0xc0000005 Fault offset: 0x00086a1f Faulting process id: 0x884 Faulting application start time: 0x01cdf7fccfe15d22 Faulting application path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Faulting module path: C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe Report Id: 119e2159-63f0-11e2-971b-78acc03e8bd9

Log: 'Application' Date/Time: 20/01/2013 9:23:26 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 20/01/2013 9:23:26 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 20/01/2013 8:03:09 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 20/01/2013 8:03:09 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/01/2013 9:24:00 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=BEC}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 9:23:55 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=BEC}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/01/2013 8:27:43 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=8D8}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 8:27:40 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=8D8}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/01/2013 8:04:34 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=B7C}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 8:04:31 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=B7C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/01/2013 7:25:54 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{fd3fc100-23d3-11e0-86db-78acc03e8bd9}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 21/01/2013 7:13:53 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=A04}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 7:13:49 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=A04}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/01/2013 5:42:43 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=F08}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 5:42:40 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=F08}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/01/2013 5:28:15 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=D54}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 5:28:10 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=D54}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/01/2013 5:05:44 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=7AC}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 5:05:39 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=7AC}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/01/2013 9:21:30 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{fd3fc100-23d3-11e0-86db-78acc03e8bd9}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 21/01/2013 8:51:02 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=1100}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 21/01/2013 8:51:00 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=1100}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 20/01/2013 10:47:22 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=C94}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MMG Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 20/01/2013 10:47:21 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=C94}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)