Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Lenovo laptop stops responding when wireless is turned on/connected to


  • Please log in to reply

#1
alexander4

alexander4

    Member

  • Member
  • PipPip
  • 59 posts
**This thread moved from Hardware forum to Malware at member's suggestion**

I am not sure if this is a hardware issue, or malware.
Lenovo G550 2958 Win 7 Home Premium 64-bit

This is a friend's laptop I've been trying to troubleshoot. Issue is that once WIFI is enabled, or it is plugged in to a LAN, it quickly becomes unresponsive. Applications will not open, ctrl + alt + del generates an error message about not being able to open the security screen.

The first thing I did was run Malwarebyte's in safe mode. It discovered 13 issues and removed them. There was no antivirus when he brought it to me, so I have since installed Avast Internet Security.

Safe Mode seems to work, even when plugged in to a LAN. Through safe mode, I disabled all the startup programs in MSConfig, and disabled all services that were not Microsoft related. I attempted to update the Wireless and LAN drivers through Lenovo's website. I say attempted because even though I downloaded for the Lenovo G550 2958 64-bit, it doesn't look like the updates took. That is the dates under device manager predate the release dates on the downloaded drivers.Using the device manager, I attempted to update the drivers that way, and it said the best drivers were already in place.

Devices are:
Broadcom 802.11g Network Adapter
Broadcom NetLink Fast Ethernet
Microsoft Virtual WiFi Miniport Adapter (I don't know what this is)

I am not sure where to go from here. Again, safe mode with networking seems to work fine. I can browse, open applications and all that. Any help is appreciated.

Thank you in advance,
alexander4

OTL Log run 02/07/2013:

OTL logfile created on: 2/7/2013 8:49:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 74.62% Memory free
7.87 Gb Paging File | 6.84 Gb Available in Paging File | 86.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.69 Gb Total Space | 80.59 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.55 Gb Free Space | 83.33% Space Free | Partition Type: FAT

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/07 20:44:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/10/30 17:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
PRC - [2008/01/11 11:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/30 17:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/09/22 12:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 08:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/06 17:59:24 | 000,117,568 | ---- | M] (Broadcom Corp.) [Disabled | Stopped] -- C:\Program Files\Broadcom\BACS\BPowMon.exe -- (BPowMon)
SRV - [2010/12/04 13:00:44 | 000,042,312 | ---- | M] (White Sky, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ID Vault\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/15 21:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 08:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 08:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/23 04:23:32 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/11 11:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 17:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/21 03:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/12 19:11:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/09/20 09:09:22 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\gidv2.sys -- (GIDv2)
DRV:64bit: - [2010/06/17 01:51:34 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2010/05/07 08:58:08 | 000,058,896 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2009/10/16 12:37:34 | 000,197,376 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009/09/14 11:40:28 | 000,259,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/21 08:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 05:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 21:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 17:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/06 17:59:20 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV:64bit: - [2009/07/02 19:42:08 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/14 20:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/30 19:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 07:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/08/06 06:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/01/12 09:23:08 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
DRV - [2000/09/19 18:55:00 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...dc-88ae1d1f1c60
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}: "URL" = ${SEARCH_URL}{searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...dc-88ae1d1f1c60
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {62CD514E-467E-4B6C-9B3D-8CCBD60E701A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}: "URL" = http://searchab.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{ED145575-455A-4DCD-8657-93E3D5E4BD8C}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Privitize VPN (Enabled)
CHR - default_search_provider: search_url = http://searchab.com/...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Vid-Saver = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.65_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.65_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D09DF77-2863-4319-B587-ABEEC89DEAF3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\zoomex\sprote~1.dll) - c:\Program Files (x86)\ZoomEx\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b7a45ec-687d-11e0-bcf5-cb7cddd17a7f}\Shell - "" = AutoRun
O33 - MountPoints2\{4b7a45ec-687d-11e0-bcf5-cb7cddd17a7f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{56fe2981-e1b6-11e1-bec2-88ae1d1f1c60}\Shell - "" = AutoRun
O33 - MountPoints2\{56fe2981-e1b6-11e1-bec2-88ae1d1f1c60}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{56fe2996-e1b6-11e1-bec2-88ae1d1f1c60}\Shell - "" = AutoRun
O33 - MountPoints2\{56fe2996-e1b6-11e1-bec2-88ae1d1f1c60}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{bd0cc190-bb6c-11df-b545-88ae1d1f1c60}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0cc190-bb6c-11df-b545-88ae1d1f1c60}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 20:49:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/07 06:47:03 | 002,769,400 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS
[2013/02/07 06:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Broadcom Wireless
[2013/02/07 06:46:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\InstallShield
[2013/02/07 05:12:08 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/02/07 04:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
[2013/02/07 04:22:34 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2013/02/07 04:03:18 | 000,000,000 | ---D | C] -- C:\Drivers
[2013/02/07 02:12:20 | 000,370,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/02/07 02:12:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/02/07 02:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/02/07 02:12:12 | 000,132,864 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFW.sys
[2013/02/07 02:11:38 | 000,262,656 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdis2.sys
[2013/02/07 02:11:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/02/07 02:11:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/02/07 02:11:36 | 000,021,136 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys
[2013/02/07 02:11:35 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/02/07 02:11:28 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/02/07 02:11:27 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/02/07 02:10:54 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\windows\SysNative\drivers\aswNdis.sys
[2013/02/07 02:10:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/02/07 02:10:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2013/02/07 02:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/07 02:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/22 17:59:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/01/22 17:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 17:59:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/01/22 17:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/22 17:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/22 17:58:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/01/22 17:58:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Updater3491
[2013/01/22 01:10:50 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2013/01/22 01:10:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2013/01/22 00:58:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/01/22 00:58:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/01/22 00:58:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/01/22 00:58:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/01/22 00:58:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/01/22 00:58:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/01/22 00:58:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/01/22 00:58:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/01/22 00:58:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/01/22 00:58:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/01/22 00:58:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/01/22 00:58:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/01/22 00:58:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/01/22 00:58:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/01/22 00:58:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/01/22 00:57:10 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/01/22 00:57:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/01/22 00:57:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/01/22 00:57:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/01/22 00:56:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2013/01/22 00:56:40 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2013/01/22 00:56:40 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2013/01/22 00:56:40 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2013/01/21 21:53:42 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/21 21:53:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/21 21:52:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/21 21:52:48 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/21 21:52:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/21 21:52:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/21 21:52:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/21 21:52:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/21 21:52:39 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/21 21:52:39 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/21 21:52:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/21 21:52:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/21 21:52:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/21 21:52:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/21 21:52:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/21 21:52:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/21 21:52:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/21 21:52:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/21 21:52:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/21 21:52:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/21 21:52:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/21 21:52:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/21 21:52:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/21 21:52:38 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/21 21:52:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/21 21:52:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/21 21:52:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/21 21:52:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/21 21:52:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/21 21:52:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/21 21:52:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/21 21:52:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/21 21:50:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/21 21:50:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/21 21:50:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/21 21:50:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/21 21:50:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/21 21:50:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/21 21:50:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/21 21:50:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/21 21:50:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/21 21:50:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/21 21:50:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/21 21:50:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/21 21:50:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/21 21:50:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/21 21:50:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/21 21:50:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/21 21:50:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/21 21:50:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/21 21:50:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/21 21:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/21 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2013/01/21 21:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomEx
[2013/01/21 21:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoomex
[2013/01/21 21:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/21 21:44:55 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2010/11/12 19:11:16 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/07 20:54:07 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 20:54:07 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 20:52:01 | 000,792,128 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/07 20:52:01 | 000,671,120 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/07 20:52:01 | 000,124,278 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/07 20:46:51 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2013/02/07 20:46:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/07 20:45:45 | 3168,219,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 20:44:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/07 06:47:20 | 000,675,958 | ---- | M] () -- C:\windows\SysNative\oem6.inf
[2013/02/07 05:22:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496846423-2674535317-2042609940-1004UA.job
[2013/02/07 02:12:20 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/07 02:11:28 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/02/03 17:22:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496846423-2674535317-2042609940-1004Core.job
[2013/01/22 17:59:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 17:10:58 | 000,438,520 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/21 21:46:20 | 000,000,110 | ---- | M] () -- C:\prefs.js
[2013/01/21 21:33:49 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013/01/15 21:42:32 | 000,125,178 | ---- | M] () -- C:\Users\user\Documents\Publication1.jpg
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/07 02:12:20 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/07 02:11:28 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/01/22 17:59:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 01:10:53 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/22 00:56:40 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/21 21:46:20 | 000,000,110 | ---- | C] () -- C:\prefs.js
[2013/01/15 21:42:31 | 000,125,178 | ---- | C] () -- C:\Users\user\Documents\Publication1.jpg
[2012/11/23 23:34:08 | 000,000,254 | ---- | C] () -- C:\windows\RomeTW.ini
[2010/11/12 19:11:16 | 000,099,384 | ---- | C] () -- C:\Users\user\AppData\Roaming\inst.exe
[2010/11/12 19:11:16 | 000,007,859 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2010/11/12 19:11:16 | 000,001,167 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2011/02/11 11:18:33 | 000,035,734 | ---- | M] ()(C:\Users\user\Documents\Fl?veni Character Sketch.docx) -- C:\Users\user\Documents\Flάveni Character Sketch.docx
[2011/02/10 20:36:31 | 000,035,734 | ---- | C] ()(C:\Users\user\Documents\Fl?veni Character Sketch.docx) -- C:\Users\user\Documents\Flάveni Character Sketch.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EBE00DD2

< End of report >


OTL Extras logfile created on: 2/7/2013 8:49:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 74.62% Memory free
7.87 Gb Paging File | 6.84 Gb Available in Paging File | 86.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.69 Gb Total Space | 80.59 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.55 Gb Free Space | 83.33% Space Free | Partition Type: FAT

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D12514-6145-44C3-8D9C-B802CC4F017E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D8F2C7A-9D4D-4313-8A68-65918BD948D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{1660D62D-D103-49E4-A220-C008CE63DCC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{21A55EFF-82DB-4DE3-9B5A-B7C2C89C6037}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3125799E-DD34-4F71-9629-BCFD2EA6469C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{399F9085-71F8-43A7-963B-8C8E489BE60F}" = rport=137 | protocol=17 | dir=out | app=system |
"{39DF5FB9-22DF-4BEA-ACB0-5559A282F94D}" = lport=137 | protocol=17 | dir=in | app=system |
"{3ECF4820-5FB1-4001-977A-6D5879B2B569}" = lport=139 | protocol=6 | dir=in | app=system |
"{42E3FF23-F9F2-4329-99EA-A7776F39C8B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D764FB2-49CD-4DC2-859B-3C420825C0AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{509AE6B6-8705-4E24-9561-01CFC7A92EE1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5293FCD8-C130-4450-A39F-D25B69ABAF95}" = rport=139 | protocol=6 | dir=out | app=system |
"{5416C766-0B6F-45EB-B8F5-906D953B2C92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{562A914B-AC81-4CF5-AA24-09475DCF091A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AC2E922-75C8-4E80-95DE-D201EF9E622A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65C63A17-30D4-4EF4-BB77-812910F31FF5}" = lport=138 | protocol=17 | dir=in | app=system |
"{66672847-3FF1-4E45-B309-AD069F9844E8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6C8E90C5-3FD4-4860-BF45-3D4D6109CC7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73885FE2-B064-431A-90D4-EE280E3D6BB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7508EC4D-DDBB-4F58-ADE7-4A4219D66E7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A02BBE6-3947-4D5D-BE42-1C976CD077BD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D1B921E-004D-4BDA-A4F9-F53C66D61996}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82C58141-862A-4C2E-9742-99EB6F2A44A2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{95D834A6-6836-4AA0-897B-BD7AAD112775}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{997EFA79-2D72-4445-B2B4-0C35BD69A94F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CDE2763-6B4E-4F77-A268-A01C4AE9B411}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9EAE3C7C-5E90-412A-B3A2-2C7CDB32F22A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B3CA8137-7057-45F1-9B84-C876EF013384}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C1C8ED67-FA82-4168-8165-6E0D05DB1738}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C40C911C-9EED-4EE9-9463-B161AE0B076A}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6AACF46-2007-40D2-8EC3-FAF8201BFCBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CED719E3-D824-4F75-9FFB-8A27BDBB20B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D7E1CD5C-C66B-4B85-B8A6-BDEA69F6C41A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBAE7201-93D3-4635-AFEC-DFC1B58E56DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE65EF28-6E02-4CD4-B16B-7B34267B6F4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFEB34E0-7D7B-46F3-B29D-8BB780B1E851}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E1CC94DA-2AFB-4274-818C-4C51BBF161E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2693B2E-4BE0-4D37-8953-28C81AACF3D7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{ED28D41A-176E-45E5-8F37-CC878158D8FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE4B28FB-6AC4-4FBE-9CC3-DE9FE918B6B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F81F5B7C-CAFE-48EF-B6DC-908183C49616}" = rport=445 | protocol=6 | dir=out | app=system |
"{F84D6A39-9567-46F9-8CF8-4FF5AC85320B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0266217D-C391-4E71-9EC0-900B7BAFD94A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{0B6B4940-5989-4E0F-818C-D31A432123BF}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{0E64C835-D4F5-4C1E-A977-CAB6209F2CA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11603387-07B6-4625-B9B6-36A066A50EB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1194710B-BFA7-4D3B-BFCD-34FFBD31992C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1248039A-1F6B-4F2B-96D3-8BB8CA50F54C}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{1292F0FC-7504-4A3B-99A0-3DBF09A0705E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{132331B2-B239-41C0-B5BB-9915975D6CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13737B5A-6169-4C2C-BD15-0E78EAF4F171}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{191E1E9C-6C7A-41D8-A06C-81B546AD8B1A}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{1B0A1828-7619-4A13-A1A9-D74F519FA2D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B441073-4915-4EBA-96AD-F4462304A3D0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C56E1C3-C6E7-4EDA-BE18-6BB82D8D9E05}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1FC83F56-E27A-49CA-8E65-3F898EA55A91}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{1FD760F3-1615-4E0D-8400-BD3DBB9B05B5}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe |
"{20A7F6E7-BCA1-4A65-8AAE-ECC9968B2C5A}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{2106D5E1-6048-4366-838E-6AB94E7C5DB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{210EBAAC-F5D8-4EC7-A5A7-D42A2D3CA257}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{2B5E71F3-6F88-4769-B23B-BC7075FA010C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2F5D466E-267F-4DD7-8E37-5552FCC42772}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36801DAA-C625-476B-91C3-E09CD9926633}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{381C8651-1C11-42E2-9302-5051B11AD6FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{383542E7-3207-47B0-92AA-8895849194E3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3843A4FA-47F3-4A24-9098-A6E81B104D01}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{3A93A826-5B40-4754-BDCE-125FAB0AAA1B}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{3D438CEA-E18B-4C19-A056-E6D6335265C2}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{3DDDECC1-C8C3-437B-9D92-01432B5F1152}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E24E889-ED5E-48F6-9D56-7C813A5BC542}" = protocol=1 | dir=out | [email protected],-28544 |
"{47D18C09-A0A6-477F-BB9A-5B2C02C1F1B4}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{4D9347A6-436E-4066-B3A8-FDF177AE8333}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{4FFD19BC-FA3C-49E2-9EEA-34D4F3732166}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{5057E42E-CE20-4D40-9849-DB4C5E5906F6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6011B781-FD7E-4C82-9CC1-4D9F60A0EB55}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{601BFFE5-AA56-4627-ABE5-1755E0B47300}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6149A0EE-DDF1-4566-A24E-D02646C57A4A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6A60A407-C280-4C6F-83FC-948D77439244}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B9C2225-EB45-43A7-B1E1-4A2D20C438A0}" = protocol=1 | dir=in | [email protected],-28543 |
"{82B0C132-4E85-4789-AE12-88CA629443E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{851931C9-A810-4BBF-8735-42AE6F7F4507}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8928E3D8-5969-493E-AD38-19C53CA1C078}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90C48F57-B0B3-415B-8544-A03294D4A30E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe |
"{9D22FFD8-C8FE-46D6-9752-179FEBC464DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D2B633C-3790-48CD-983F-3CB93C2E1F3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2DD148E-7BB5-4D02-976B-B38B3B13706A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A3981AA8-7C0C-414D-A6B5-9D087C501324}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A9422CE1-C19E-4487-B98C-02624DB7DA2D}" = protocol=58 | dir=out | [email protected],-28546 |
"{B0B773EA-AE79-46DA-91BA-0BF5723BE9A8}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{B5CA2381-B533-40E4-ACDC-7A3E3098EF4A}" = protocol=58 | dir=in | [email protected],-28545 |
"{C6CF8D18-1702-4C16-AA80-4A3EE43FD1FC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D0C7A7FE-B542-47B0-BBAD-5C4911BCDA8B}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{D1CF0138-F154-4446-9E20-45F7288F823C}" = protocol=6 | dir=out | app=system |
"{D77D8288-0DAA-494F-A3F0-5BAA4AB3D163}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D7E5E95E-A44D-45BD-84F6-86056886287D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE3624D4-B38F-470A-8A3B-8DBE323C7B91}" = protocol=58 | dir=in | [email protected],-148 |
"{DF6AF305-0B72-419E-839B-DBC6AE56A7DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1933060-132B-43F6-A019-D15770D8A438}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E570D963-A227-40AF-B5AB-82DC5F23CF08}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{EBAE75C5-8AC5-4646-9B72-BC2D76F8C4BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{ECD4ABD7-6EE6-42DA-9BF4-8580ACBFC1F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EF683477-81D8-4A50-B03E-6B4A57CBC45F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F4583F1A-D87A-4398-A511-416BA969E0CB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FCEC71AA-C160-4FEF-A0F3-CD724876A041}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FDAFB29B-53C6-4608-9975-9E417F4A6148}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FDE37F1B-7D1D-4453-91CC-C14666F8F218}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B95AFF96-7498-4C91-AE7A-3CBA62B9DD60}" = ZoomEx
"{DE274C2F-D9E5-4DE7-96FC-5D18DC5A71FD}" = Broadcom Management Programs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"92F4CDC794E6E4E29DC063D292D1C94F6FA1EA1E" = Windows Driver Package - Lenovo (ACPIVPC) System (05/19/2009 4.4.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lenovo EasyCamera" = Lenovo EasyCamera
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ZoomEx" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06E1854-1580-4157-AD70-72734D324DEA}" = Lenovo Idea Notes
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2602F16-02D1-4F1C-99A5-E246C522A59D}" = Lenovo First Boot
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Audacity_is1" = Audacity 2.0
"avast" = avast! Internet Security
"BitTorrent" = BitTorrent
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Comical_is1" = Comical 0.8
"EA Download Manager" = EA Download Manager
"EasyCapture4.0" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ID Vault" = ID Vault
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"SP_5dec30d7" =
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"uTorrent" = µTorrent
"VeriFace" = VeriFace
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2013 4:31:22 AM | Computer Name = user-PC | Source = ZoomExUpdater | ID = 0
Description =

Error - 2/7/2013 4:31:23 AM | Computer Name = user-PC | Source = ZoomExUpdater | ID = 0
Description =

Error - 2/7/2013 4:31:23 AM | Computer Name = user-PC | Source = ZoomExUpdater | ID = 0
Description =

Error - 2/7/2013 4:31:24 AM | Computer Name = user-PC | Source = ZoomExUpdater | ID = 0
Description =

Error - 2/7/2013 7:06:42 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/7/2013 7:06:42 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584

Error - 2/7/2013 7:06:42 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

Error - 2/7/2013 7:12:18 AM | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 2/7/2013 7:44:01 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/7/2013 8:09:05 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_BITS, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000077a9000a Faulting process
id: 0x384 Faulting application start time: 0x01ce0524125f1ecc Faulting application
path: C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: 2a8aa9e9-711f-11e2-86fe-88ae1d1f1c60

[ System Events ]
Error - 2/7/2013 8:22:56 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 8:22:56 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 8:23:32 PM | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =

Error - 2/7/2013 8:24:18 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 8:24:18 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 8:24:18 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 8:24:22 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 8:24:22 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 8:24:22 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/7/2013 10:46:43 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Uninstall:

ZoomEx
Java™ 6 Update 31
EA Download Manager
EA Download Manager UI
BitTorrent
µTorrent
Windows Live Movie Maker
Lenovo ReadyComm 5.0 Service (This controls Wifi so you may need to let Windows control the WiFi if that's how you are connecting then set it up again.) ReadyComm has a really bad rep so best to do without it. You might want to visit Lenovo and download the latest version before uninstalling this so you will have a way to go back if you need it.)

Update when you get a chance:
Adobe Reader 9.5.0 This should be 11.something. Uninstall this one and get the latest from Adobe.com. Do not let it install anything else like a toolbar or security scan.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...dc-88ae1d1f1c60
IE - HKLM\..\SearchScopes\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...dc-88ae1d1f1c60
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {62CD514E-467E-4B6C-9B3D-8CCBD60E701A}
IE - HKCU\..\SearchScopes\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}: "URL" = http://searchab.com/...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O20 - AppInit_DLLs: (c:\progra~2\zoomex\sprote~1.dll) - c:\Program Files (x86)\ZoomEx\sprotector.dll ()
[2013/01/21 21:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/21 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2013/01/21 21:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomEx
[2013/01/21 21:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoomex
[2013/01/21 21:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/01/21 21:46:20 | 000,000,110 | ---- | C] () -- C:\prefs.js

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
at /c
C:\Windows\tasks\At*.job
%ALLUSERSPROFILE%\Application Data\InstallMate
%ALLUSERSPROFILE%\Application Data\Premium\ZoomEx
%PROGRAMFILES%\ZoomEx
%TEMP%\7zSE.tmp


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01162013-some number.log so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Ron
  • 0

#3
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thank you Ron, please bear with me as it will take some time to complete these tasks. I appreciate your time, those logs looked like a bear to get through.

-alexander4
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
No hurry. You may find it easier to post each log as you get it. Skip any step that doesn't want to work and go on to the next one.
  • 0

#5
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL Log
aswMBR is running now, will post shortly

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62CD514E-467E-4B6C-9B3D-8CCBD60E701A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Program Files (x86)\Java\jre6\bin\ssv.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\zoomex\sprote~1.dll deleted successfully.
File c:\Program Files (x86)\ZoomEx\sprotector.dll not found.
C:\ProgramData\CLSoft LTD\Setup folder moved successfully.
C:\ProgramData\CLSoft LTD folder moved successfully.
Folder C:\ProgramData\Premium\ not found.
C:\Program Files (x86)\ZoomEx folder moved successfully.
C:\ProgramData\Zoomex folder moved successfully.
C:\ProgramData\InstallMate\{B95AFF96-7498-4C91-AE7A-3CBA62B9DD60} folder moved successfully.
C:\ProgramData\InstallMate\{921B064C-DD7E-4478-A693-955C49F824BA} folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
C:\prefs.js moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< at /c >
There are no entries in the list.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
File/Folder C:\ProgramData\Application Data\InstallMate not found.
File/Folder C:\ProgramData\Application Data\Premium\ZoomEx not found.
File/Folder C:\Program Files (x86)\ZoomEx not found.
File/Folder C:\Users\user\AppData\Local\Temp\7zSE.tmp not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: user
->Flash cache emptied: 208522 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: user
->Java cache emptied: 1546764 bytes

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02082013_002143
  • 0

#6
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-08 00:27:06
-----------------------------
00:27:06.426 OS Version: Windows x64 6.1.7601 Service Pack 1
00:27:06.426 Number of processors: 2 586 0x170A
00:27:06.442 ComputerName: USER-PC UserName: user
00:27:17.424 Initialize success
00:27:23.399 AVAST engine defs: 13020601
00:27:38.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:27:38.375 Disk 0 Vendor: ST925031 0010 Size: 238475MB BusType: 3
00:27:38.406 Disk 0 MBR read successfully
00:27:38.406 Disk 0 MBR scan
00:27:38.905 Disk 0 Windows 7 default MBR code
00:27:38.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
00:27:39.560 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 192192 MB offset 411648
00:27:39.623 Disk 0 Partition - 00 0F Extended LBA 30973 MB offset 394021568
00:27:39.638 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 457454272
00:27:39.716 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30972 MB offset 394023616
00:27:40.278 Disk 0 scanning C:\windows\system32\drivers
00:28:03.569 Service scanning
00:28:35.549 Modules scanning
00:28:37.421 AVAST engine scan C:\windows
00:28:39.901 AVAST engine scan C:\windows\system32
00:32:40.454 AVAST engine scan C:\windows\system32\drivers
00:33:05.929 AVAST engine scan C:\Users\user
00:47:14.711 AVAST engine scan C:\ProgramData
00:48:29.497 Scan finished successfully
01:12:47.663 Disk 0 MBR has been saved successfully to "F:\Cody fix\MBR.dat"
01:12:48.302 The log file has been saved successfully to "F:\Cody fix\aswMBR.txt"
  • 0

#7
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Combo Fix Log

ComboFix 13-02-07.02 - user 02/08/2013 1:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2422 [GMT -6:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\users\user\AppData\Local\Vid-Saver
c:\users\user\AppData\Roaming\inst.exe
c:\users\user\Documents\~WRL0003.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 )))))))))))))))))))))))))))))))
.
.
2013-02-08 07:35 . 2013-02-08 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-08 06:21 . 2013-02-08 06:21 -------- d-----w- C:\_OTL
2013-02-08 06:03 . 2013-02-08 06:03 -------- d-----w- c:\users\user\AppData\Roaming\Lenovo
2013-02-07 12:47 . 2013-02-07 12:47 -------- d-----w- c:\program files (x86)\Broadcom Wireless
2013-02-07 12:47 . 2009-07-07 23:45 2769400 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2013-02-07 12:46 . 2013-02-07 12:46 -------- d-----w- c:\users\user\AppData\Roaming\InstallShield
2013-02-07 10:22 . 2013-02-07 10:22 -------- d-----w- c:\windows\Downloaded Installations
2013-02-07 10:03 . 2013-02-07 10:22 -------- d-----w- C:\Drivers
2013-02-07 08:12 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-07 08:12 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-07 08:12 . 2012-10-30 23:51 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-02-07 08:11 . 2012-10-30 23:51 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-02-07 08:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-02-07 08:11 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-07 08:11 . 2012-10-30 23:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-02-07 08:11 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-07 08:11 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-07 08:11 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-07 08:10 . 2012-09-21 09:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-02-07 08:10 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-07 08:10 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-02-07 08:10 . 2013-02-07 08:10 -------- d-----w- c:\programdata\AVAST Software
2013-02-07 08:10 . 2013-02-07 08:10 -------- d-----w- c:\program files\AVAST Software
2013-01-23 10:21 . 2013-02-08 07:35 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D206441F-0B67-4C24-8D57-08BEF8CD5D51}\offreg.dll
2013-01-22 23:59 . 2013-01-22 23:59 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-01-22 23:59 . 2013-01-22 23:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-22 23:58 . 2013-01-22 23:58 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-01-22 23:58 . 2013-01-22 23:58 -------- d-----w- c:\users\user\AppData\Local\Updater3491
2013-01-22 07:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-22 07:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-22 07:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-22 07:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-22 06:57 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-22 06:57 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-22 06:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-22 06:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-22 06:56 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-22 06:56 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-22 06:56 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-22 06:56 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-22 06:56 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-22 06:56 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-22 06:56 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-22 03:53 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-22 03:53 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-22 03:53 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-22 03:53 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-22 03:53 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-22 03:53 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-22 03:50 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-22 03:44 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-22 03:42 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D206441F-0B67-4C24-8D57-08BEF8CD5D51}\mpengine.dll
2013-01-22 03:39 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 23:31 . 2010-09-10 05:23 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 04:45 . 2013-01-22 03:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [2010-06-17 10112]
R3 StMp3Recx64;Player Recovery Device Control Driver;c:\windows\system32\Drivers\StMp3Recx64.sys [2007-01-12 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1255736]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]
R4 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [2009-07-06 117568]
R4 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2009-06-23 172720]
R4 IDVaultSvc;IDVault Service;c:\program files (x86)\ID Vault\IDVaultSvc.exe [2010-12-04 42312]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 funfrm;funfrm; [x]
S1 GIDv2;GIDv2; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 26128]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-13 82816]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 197376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2010-09-20 15:15 432904 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2496846423-2674535317-2042609940-1004Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 17:32]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2496846423-2674535317-2042609940-1004UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 17:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-05-07 14:58 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{E9A4529E-068B-4B04-9C74-D9783C1ACAFF}\4497E65687: DhcpNameServer = 192.168.2.1 24.217.0.5 24.217.201.67 68.113.206.10
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-08 01:38:04
ComboFix-quarantined-files.txt 2013-02-08 07:38
.
Pre-Run: 91,542,351,872 bytes free
Post-Run: 91,919,781,888 bytes free
.
- - End Of File - - 8E9E713845BAE61BB971DB4502EA7759
  • 0

#8
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
First TDSKiller Log

edit: now with the log!

02:34:06.0045 1196 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:34:06.0076 1196 ============================================================
02:34:06.0076 1196 Current date / time: 2013/02/08 02:34:06.0076
02:34:06.0076 1196 SystemInfo:
02:34:06.0076 1196
02:34:06.0076 1196 OS Version: 6.1.7601 ServicePack: 1.0
02:34:06.0076 1196 Product type: Workstation
02:34:06.0076 1196 ComputerName: USER-PC
02:34:06.0076 1196 UserName: user
02:34:06.0076 1196 Windows directory: C:\windows
02:34:06.0076 1196 System windows directory: C:\windows
02:34:06.0076 1196 Running under WOW64
02:34:06.0076 1196 Processor architecture: Intel x64
02:34:06.0076 1196 Number of processors: 2
02:34:06.0076 1196 Page size: 0x1000
02:34:06.0076 1196 Boot type: Normal boot
02:34:06.0076 1196 ============================================================
02:34:06.0498 1196 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:34:06.0498 1196 ============================================================
02:34:06.0498 1196 \Device\Harddisk0\DR0:
02:34:06.0498 1196 MBR partitions:
02:34:06.0498 1196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
02:34:06.0498 1196 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x177602C0
02:34:06.0544 1196 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x177C52C0, BlocksNum 0x3C7E000
02:34:06.0544 1196 ============================================================
02:34:06.0591 1196 C: <-> \Device\Harddisk0\DR0\Partition2
02:34:06.0638 1196 D: <-> \Device\Harddisk0\DR0\Partition3
02:34:06.0638 1196 ============================================================
02:34:06.0638 1196 Initialize success
02:34:06.0638 1196 ============================================================
02:34:28.0665 2984 ============================================================
02:34:28.0665 2984 Scan started
02:34:28.0665 2984 Mode: Manual;
02:34:28.0665 2984 ============================================================
02:34:29.0320 2984 ================ Scan system memory ========================
02:34:29.0320 2984 System memory - ok
02:34:29.0320 2984 ================ Scan services =============================
02:34:29.0508 2984 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
02:34:29.0508 2984 1394ohci - ok
02:34:29.0570 2984 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
02:34:29.0570 2984 ACPI - ok
02:34:29.0586 2984 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
02:34:29.0601 2984 AcpiPmi - ok
02:34:29.0632 2984 [ 2E68544BCE94DE6677F700CF1D582B6D ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
02:34:29.0632 2984 ACPIVPC - ok
02:34:29.0695 2984 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
02:34:29.0695 2984 adp94xx - ok
02:34:29.0726 2984 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
02:34:29.0726 2984 adpahci - ok
02:34:29.0773 2984 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
02:34:29.0773 2984 adpu320 - ok
02:34:29.0820 2984 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
02:34:29.0820 2984 AeLookupSvc - ok
02:34:29.0882 2984 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
02:34:29.0898 2984 AFD - ok
02:34:29.0960 2984 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
02:34:29.0960 2984 agp440 - ok
02:34:29.0991 2984 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
02:34:29.0991 2984 ALG - ok
02:34:30.0022 2984 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
02:34:30.0022 2984 aliide - ok
02:34:30.0038 2984 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
02:34:30.0038 2984 amdide - ok
02:34:30.0085 2984 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
02:34:30.0085 2984 AmdK8 - ok
02:34:30.0116 2984 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
02:34:30.0116 2984 AmdPPM - ok
02:34:30.0163 2984 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
02:34:30.0163 2984 amdsata - ok
02:34:30.0210 2984 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
02:34:30.0210 2984 amdsbs - ok
02:34:30.0241 2984 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
02:34:30.0241 2984 amdxata - ok
02:34:30.0288 2984 [ DA27258BC70C6924D60FCA7A5827E9EF ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
02:34:30.0288 2984 ApfiltrService - ok
02:34:30.0350 2984 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
02:34:30.0366 2984 AppID - ok
02:34:30.0381 2984 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
02:34:30.0397 2984 AppIDSvc - ok
02:34:30.0428 2984 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
02:34:30.0428 2984 Appinfo - ok
02:34:30.0553 2984 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:34:30.0553 2984 Apple Mobile Device - ok
02:34:30.0615 2984 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
02:34:30.0615 2984 arc - ok
02:34:30.0646 2984 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
02:34:30.0646 2984 arcsas - ok
02:34:30.0662 2984 ASPI - ok
02:34:30.0709 2984 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
02:34:30.0709 2984 aswFsBlk - ok
02:34:30.0771 2984 [ 9FFC732E12FF53E05FE9E02C8C00CE87 ] aswFW C:\windows\system32\drivers\aswFW.sys
02:34:30.0771 2984 aswFW - ok
02:34:30.0802 2984 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
02:34:30.0802 2984 aswKbd - ok
02:34:30.0834 2984 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
02:34:30.0834 2984 aswMonFlt - ok
02:34:30.0849 2984 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys
02:34:30.0849 2984 aswNdis - ok
02:34:30.0896 2984 [ 5A832BBB1B563B6B3FDA46239B630037 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys
02:34:30.0912 2984 aswNdis2 - ok
02:34:30.0927 2984 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
02:34:30.0927 2984 aswRdr - ok
02:34:30.0974 2984 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\windows\system32\drivers\aswSnx.sys
02:34:30.0974 2984 aswSnx - ok
02:34:31.0005 2984 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\windows\system32\drivers\aswSP.sys
02:34:31.0005 2984 aswSP - ok
02:34:31.0036 2984 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
02:34:31.0036 2984 aswTdi - ok
02:34:31.0068 2984 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
02:34:31.0068 2984 AsyncMac - ok
02:34:31.0114 2984 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
02:34:31.0130 2984 atapi - ok
02:34:31.0192 2984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
02:34:31.0192 2984 AudioEndpointBuilder - ok
02:34:31.0224 2984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
02:34:31.0239 2984 AudioSrv - ok
02:34:31.0333 2984 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:34:31.0333 2984 avast! Antivirus - ok
02:34:31.0380 2984 [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
02:34:31.0380 2984 avast! Firewall - ok
02:34:31.0473 2984 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
02:34:31.0473 2984 AxInstSV - ok
02:34:31.0520 2984 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
02:34:31.0520 2984 b06bdrv - ok
02:34:31.0567 2984 [ 93AF5CCCE5145AA3C2F0A41E7F65149A ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
02:34:31.0567 2984 b57nd60a - ok
02:34:31.0660 2984 [ 830DFC7958ADBDDD40E0B61B461432B0 ] BASFND C:\Program Files\Broadcom\BACS\BASFND.sys
02:34:31.0660 2984 BASFND - ok
02:34:31.0785 2984 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
02:34:31.0801 2984 BCM43XX - ok
02:34:31.0879 2984 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
02:34:31.0879 2984 BcmSqlStartupSvc - ok
02:34:31.0910 2984 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
02:34:31.0910 2984 BDESVC - ok
02:34:31.0972 2984 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
02:34:31.0972 2984 Beep - ok
02:34:32.0050 2984 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
02:34:32.0050 2984 BFE - ok
02:34:32.0082 2984 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
02:34:32.0097 2984 BITS - ok
02:34:32.0144 2984 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
02:34:32.0144 2984 blbdrive - ok
02:34:32.0206 2984 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:34:32.0206 2984 Bonjour Service - ok
02:34:32.0253 2984 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
02:34:32.0269 2984 bowser - ok
02:34:32.0300 2984 [ 63872B52C541BE4308A4FE0BA714B7B4 ] BPowMon C:\Program Files\Broadcom\BACS\BPowMon.exe
02:34:32.0300 2984 BPowMon - ok
02:34:32.0347 2984 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
02:34:32.0347 2984 BrFiltLo - ok
02:34:32.0362 2984 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
02:34:32.0362 2984 BrFiltUp - ok
02:34:32.0394 2984 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
02:34:32.0409 2984 BridgeMP - ok
02:34:32.0440 2984 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
02:34:32.0440 2984 Browser - ok
02:34:32.0487 2984 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
02:34:32.0487 2984 Brserid - ok
02:34:32.0518 2984 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
02:34:32.0518 2984 BrSerWdm - ok
02:34:32.0550 2984 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
02:34:32.0550 2984 BrUsbMdm - ok
02:34:32.0596 2984 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
02:34:32.0596 2984 BrUsbSer - ok
02:34:32.0643 2984 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
02:34:32.0643 2984 BthEnum - ok
02:34:32.0674 2984 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
02:34:32.0674 2984 BTHMODEM - ok
02:34:32.0706 2984 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
02:34:32.0706 2984 BthPan - ok
02:34:32.0768 2984 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
02:34:32.0784 2984 BTHPORT - ok
02:34:32.0815 2984 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
02:34:32.0815 2984 bthserv - ok
02:34:32.0862 2984 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
02:34:32.0862 2984 BTHUSB - ok
02:34:32.0877 2984 catchme - ok
02:34:32.0908 2984 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
02:34:32.0908 2984 cdfs - ok
02:34:32.0971 2984 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
02:34:32.0971 2984 cdrom - ok
02:34:33.0018 2984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
02:34:33.0018 2984 CertPropSvc - ok
02:34:33.0033 2984 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
02:34:33.0033 2984 circlass - ok
02:34:33.0080 2984 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
02:34:33.0080 2984 CLFS - ok
02:34:33.0158 2984 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:34:33.0174 2984 clr_optimization_v2.0.50727_32 - ok
02:34:33.0252 2984 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:34:33.0252 2984 clr_optimization_v2.0.50727_64 - ok
02:34:33.0345 2984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:34:33.0345 2984 clr_optimization_v4.0.30319_32 - ok
02:34:33.0376 2984 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:34:33.0376 2984 clr_optimization_v4.0.30319_64 - ok
02:34:33.0423 2984 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
02:34:33.0423 2984 CmBatt - ok
02:34:33.0470 2984 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
02:34:33.0470 2984 cmdide - ok
02:34:33.0517 2984 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
02:34:33.0532 2984 CNG - ok
02:34:33.0579 2984 [ 0D23C3312838EEA1ED55D5F135BCA613 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
02:34:33.0595 2984 CnxtHdAudService - ok
02:34:33.0626 2984 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
02:34:33.0626 2984 Compbatt - ok
02:34:33.0673 2984 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
02:34:33.0673 2984 CompositeBus - ok
02:34:33.0704 2984 COMSysApp - ok
02:34:33.0720 2984 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
02:34:33.0720 2984 crcdisk - ok
02:34:33.0766 2984 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
02:34:33.0766 2984 CryptSvc - ok
02:34:33.0829 2984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
02:34:33.0829 2984 DcomLaunch - ok
02:34:33.0922 2984 [ CFF03EF53209704872C736EB4AF3EB26 ] DDNIMSGService C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
02:34:33.0922 2984 DDNIMSGService - ok
02:34:33.0969 2984 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
02:34:33.0969 2984 defragsvc - ok
02:34:34.0016 2984 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
02:34:34.0016 2984 DfsC - ok
02:34:34.0063 2984 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
02:34:34.0063 2984 Dhcp - ok
02:34:34.0094 2984 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
02:34:34.0094 2984 discache - ok
02:34:34.0125 2984 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
02:34:34.0141 2984 Disk - ok
02:34:34.0172 2984 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
02:34:34.0172 2984 Dnscache - ok
02:34:34.0219 2984 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
02:34:34.0219 2984 dot3svc - ok
02:34:34.0250 2984 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
02:34:34.0250 2984 DPS - ok
02:34:34.0281 2984 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
02:34:34.0281 2984 drmkaud - ok
02:34:34.0344 2984 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
02:34:34.0344 2984 DXGKrnl - ok
02:34:34.0375 2984 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
02:34:34.0390 2984 EapHost - ok
02:34:34.0484 2984 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
02:34:34.0515 2984 ebdrv - ok
02:34:34.0578 2984 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
02:34:34.0578 2984 EFS - ok
02:34:34.0640 2984 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
02:34:34.0656 2984 ehRecvr - ok
02:34:34.0687 2984 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
02:34:34.0687 2984 ehSched - ok
02:34:34.0734 2984 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
02:34:34.0734 2984 elxstor - ok
02:34:34.0765 2984 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
02:34:34.0765 2984 ErrDev - ok
02:34:34.0827 2984 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
02:34:34.0827 2984 EventSystem - ok
02:34:34.0843 2984 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
02:34:34.0843 2984 exfat - ok
02:34:34.0874 2984 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
02:34:34.0874 2984 fastfat - ok
02:34:34.0952 2984 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
02:34:34.0952 2984 Fax - ok
02:34:34.0999 2984 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
02:34:34.0999 2984 fdc - ok
02:34:35.0030 2984 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
02:34:35.0030 2984 fdPHost - ok
02:34:35.0061 2984 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
02:34:35.0061 2984 FDResPub - ok
02:34:35.0092 2984 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
02:34:35.0092 2984 FileInfo - ok
02:34:35.0108 2984 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
02:34:35.0108 2984 Filetrace - ok
02:34:35.0124 2984 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
02:34:35.0124 2984 flpydisk - ok
02:34:35.0155 2984 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
02:34:35.0170 2984 FltMgr - ok
02:34:35.0217 2984 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
02:34:35.0233 2984 FontCache - ok
02:34:35.0311 2984 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:34:35.0311 2984 FontCache3.0.0.0 - ok
02:34:35.0342 2984 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
02:34:35.0342 2984 FsDepends - ok
02:34:35.0389 2984 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
02:34:35.0389 2984 Fs_Rec - ok
02:34:35.0451 2984 [ 6CCF66BCA3D24146CB8B0930DBA1448F ] funfrm C:\windows\system32\drivers\funfrm.sys
02:34:35.0451 2984 funfrm - ok
02:34:35.0498 2984 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
02:34:35.0498 2984 fvevol - ok
02:34:35.0529 2984 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
02:34:35.0529 2984 gagp30kx - ok
02:34:35.0638 2984 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
02:34:35.0638 2984 GEARAspiWDM - ok
02:34:35.0670 2984 [ 8172B3460291AE4C1D5209F8EA0F8868 ] GIDv2 C:\windows\system32\drivers\GIDv2.sys
02:34:35.0670 2984 GIDv2 - ok
02:34:35.0732 2984 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
02:34:35.0748 2984 gpsvc - ok
02:34:35.0763 2984 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
02:34:35.0763 2984 hcw85cir - ok
02:34:35.0826 2984 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
02:34:35.0826 2984 HdAudAddService - ok
02:34:35.0904 2984 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
02:34:35.0904 2984 HDAudBus - ok
02:34:35.0935 2984 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
02:34:35.0935 2984 HidBatt - ok
02:34:35.0966 2984 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
02:34:35.0966 2984 HidBth - ok
02:34:35.0982 2984 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
02:34:35.0982 2984 HidIr - ok
02:34:36.0013 2984 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
02:34:36.0013 2984 hidserv - ok
02:34:36.0044 2984 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
02:34:36.0060 2984 HidUsb - ok
02:34:36.0091 2984 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
02:34:36.0091 2984 hkmsvc - ok
02:34:36.0138 2984 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
02:34:36.0138 2984 HomeGroupListener - ok
02:34:36.0184 2984 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
02:34:36.0200 2984 HomeGroupProvider - ok
02:34:36.0247 2984 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
02:34:36.0247 2984 HpSAMD - ok
02:34:36.0309 2984 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
02:34:36.0325 2984 HTTP - ok
02:34:36.0372 2984 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
02:34:36.0372 2984 hwpolicy - ok
02:34:36.0418 2984 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
02:34:36.0418 2984 i8042prt - ok
02:34:36.0481 2984 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
02:34:36.0496 2984 IAANTMON - ok
02:34:36.0543 2984 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
02:34:36.0543 2984 iaStor - ok
02:34:36.0606 2984 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
02:34:36.0606 2984 iaStorV - ok
02:34:36.0684 2984 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:34:36.0699 2984 idsvc - ok
02:34:36.0762 2984 [ 87402686FB5588D20CC3BB8E919A0650 ] IDVaultSvc C:\Program Files (x86)\ID Vault\IDVaultSvc.exe
02:34:36.0762 2984 IDVaultSvc - ok
02:34:36.0949 2984 [ AC4B14E985B2BB19386CC8203FE49BCD ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
02:34:36.0996 2984 igfx - ok
02:34:37.0042 2984 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
02:34:37.0042 2984 iirsp - ok
02:34:37.0105 2984 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
02:34:37.0105 2984 IKEEXT - ok
02:34:37.0152 2984 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
02:34:37.0152 2984 intelide - ok
02:34:37.0183 2984 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
02:34:37.0183 2984 intelppm - ok
02:34:37.0214 2984 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
02:34:37.0214 2984 IPBusEnum - ok
02:34:37.0245 2984 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
02:34:37.0245 2984 IpFilterDriver - ok
02:34:37.0292 2984 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
02:34:37.0292 2984 iphlpsvc - ok
02:34:37.0323 2984 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
02:34:37.0339 2984 IPMIDRV - ok
02:34:37.0354 2984 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
02:34:37.0354 2984 IPNAT - ok
02:34:37.0448 2984 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:34:37.0464 2984 iPod Service - ok
02:34:37.0495 2984 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
02:34:37.0495 2984 IRENUM - ok
02:34:37.0542 2984 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
02:34:37.0542 2984 isapnp - ok
02:34:37.0573 2984 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
02:34:37.0588 2984 iScsiPrt - ok
02:34:37.0620 2984 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\windows\system32\DRIVERS\k57nd60a.sys
02:34:37.0620 2984 k57nd60a - ok
02:34:37.0666 2984 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
02:34:37.0666 2984 kbdclass - ok
02:34:37.0698 2984 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
02:34:37.0698 2984 kbdhid - ok
02:34:37.0713 2984 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
02:34:37.0729 2984 KeyIso - ok
02:34:37.0760 2984 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
02:34:37.0760 2984 KSecDD - ok
02:34:37.0822 2984 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
02:34:37.0822 2984 KSecPkg - ok
02:34:37.0854 2984 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
02:34:37.0854 2984 ksthunk - ok
02:34:37.0885 2984 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
02:34:37.0885 2984 KtmRm - ok
02:34:37.0963 2984 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
02:34:37.0978 2984 LanmanServer - ok
02:34:38.0010 2984 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
02:34:38.0010 2984 LanmanWorkstation - ok
02:34:38.0056 2984 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
02:34:38.0056 2984 lltdio - ok
02:34:38.0088 2984 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
02:34:38.0088 2984 lltdsvc - ok
02:34:38.0119 2984 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
02:34:38.0119 2984 lmhosts - ok
02:34:38.0166 2984 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
02:34:38.0166 2984 LSI_FC - ok
02:34:38.0212 2984 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
02:34:38.0212 2984 LSI_SAS - ok
02:34:38.0244 2984 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
02:34:38.0244 2984 LSI_SAS2 - ok
02:34:38.0275 2984 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
02:34:38.0290 2984 LSI_SCSI - ok
02:34:38.0322 2984 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
02:34:38.0322 2984 luafv - ok
02:34:38.0384 2984 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
02:34:38.0400 2984 Mcx2Svc - ok
02:34:38.0446 2984 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
02:34:38.0462 2984 MDM - ok
02:34:38.0493 2984 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
02:34:38.0493 2984 megasas - ok
02:34:38.0524 2984 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
02:34:38.0524 2984 MegaSR - ok
02:34:38.0618 2984 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
02:34:38.0618 2984 Microsoft Office Groove Audit Service - ok
02:34:38.0665 2984 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
02:34:38.0665 2984 MMCSS - ok
02:34:38.0696 2984 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
02:34:38.0696 2984 Modem - ok
02:34:38.0712 2984 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
02:34:38.0712 2984 monitor - ok
02:34:38.0743 2984 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
02:34:38.0743 2984 mouclass - ok
02:34:38.0774 2984 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
02:34:38.0774 2984 mouhid - ok
02:34:38.0821 2984 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
02:34:38.0821 2984 mountmgr - ok
02:34:38.0868 2984 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
02:34:38.0883 2984 mpio - ok
02:34:38.0914 2984 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
02:34:38.0914 2984 mpsdrv - ok
02:34:38.0977 2984 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
02:34:38.0977 2984 MpsSvc - ok
02:34:39.0039 2984 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
02:34:39.0039 2984 MRxDAV - ok
02:34:39.0086 2984 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
02:34:39.0086 2984 mrxsmb - ok
02:34:39.0133 2984 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
02:34:39.0133 2984 mrxsmb10 - ok
02:34:39.0148 2984 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
02:34:39.0148 2984 mrxsmb20 - ok
02:34:39.0195 2984 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
02:34:39.0195 2984 msahci - ok
02:34:39.0242 2984 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
02:34:39.0242 2984 msdsm - ok
02:34:39.0273 2984 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
02:34:39.0273 2984 MSDTC - ok
02:34:39.0320 2984 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
02:34:39.0320 2984 Msfs - ok
02:34:39.0336 2984 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
02:34:39.0336 2984 mshidkmdf - ok
02:34:39.0367 2984 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
02:34:39.0367 2984 msisadrv - ok
02:34:39.0398 2984 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
02:34:39.0398 2984 MSiSCSI - ok
02:34:39.0414 2984 msiserver - ok
02:34:39.0445 2984 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
02:34:39.0445 2984 MSKSSRV - ok
02:34:39.0476 2984 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
02:34:39.0476 2984 MSPCLOCK - ok
02:34:39.0492 2984 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
02:34:39.0492 2984 MSPQM - ok
02:34:39.0538 2984 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
02:34:39.0554 2984 MsRPC - ok
02:34:39.0601 2984 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
02:34:39.0601 2984 mssmbios - ok
02:34:39.0663 2984 MSSQL$MSSMLBIZ - ok
02:34:39.0710 2984 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
02:34:39.0710 2984 MSSQLServerADHelper - ok
02:34:39.0741 2984 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
02:34:39.0741 2984 MSTEE - ok
02:34:39.0757 2984 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
02:34:39.0757 2984 MTConfig - ok
02:34:39.0819 2984 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
02:34:39.0819 2984 Mup - ok
02:34:39.0866 2984 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
02:34:39.0882 2984 napagent - ok
02:34:39.0913 2984 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
02:34:39.0913 2984 NativeWifiP - ok
02:34:39.0991 2984 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
02:34:40.0006 2984 NDIS - ok
02:34:40.0022 2984 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
02:34:40.0022 2984 NdisCap - ok
02:34:40.0069 2984 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
02:34:40.0069 2984 NdisTapi - ok
02:34:40.0131 2984 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
02:34:40.0131 2984 Ndisuio - ok
02:34:40.0178 2984 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
02:34:40.0178 2984 NdisWan - ok
02:34:40.0209 2984 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
02:34:40.0225 2984 NDProxy - ok
02:34:40.0240 2984 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
02:34:40.0256 2984 NetBIOS - ok
02:34:40.0303 2984 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
02:34:40.0303 2984 NetBT - ok
02:34:40.0318 2984 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
02:34:40.0318 2984 Netlogon - ok
02:34:40.0365 2984 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
02:34:40.0381 2984 Netman - ok
02:34:40.0396 2984 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
02:34:40.0396 2984 netprofm - ok
02:34:40.0428 2984 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:34:40.0428 2984 NetTcpPortSharing - ok
02:34:40.0584 2984 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\windows\system32\DRIVERS\netw5v64.sys
02:34:40.0615 2984 netw5v64 - ok
02:34:40.0662 2984 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
02:34:40.0662 2984 nfrd960 - ok
02:34:40.0693 2984 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
02:34:40.0708 2984 NlaSvc - ok
02:34:40.0740 2984 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
02:34:40.0740 2984 Npfs - ok
02:34:40.0771 2984 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
02:34:40.0771 2984 nsi - ok
02:34:40.0786 2984 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
02:34:40.0786 2984 nsiproxy - ok
02:34:40.0864 2984 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
02:34:40.0880 2984 Ntfs - ok
02:34:40.0927 2984 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
02:34:40.0927 2984 Null - ok
02:34:40.0974 2984 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
02:34:40.0974 2984 nvraid - ok
02:34:41.0005 2984 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
02:34:41.0005 2984 nvstor - ok
02:34:41.0036 2984 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
02:34:41.0036 2984 nv_agp - ok
02:34:41.0114 2984 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:34:41.0114 2984 odserv - ok
02:34:41.0161 2984 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
02:34:41.0161 2984 ohci1394 - ok
02:34:41.0192 2984 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:34:41.0192 2984 ose - ok
02:34:41.0254 2984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
02:34:41.0254 2984 p2pimsvc - ok
02:34:41.0286 2984 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
02:34:41.0286 2984 p2psvc - ok
02:34:41.0317 2984 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
02:34:41.0317 2984 Parport - ok
02:34:41.0348 2984 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
02:34:41.0364 2984 partmgr - ok
02:34:41.0379 2984 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
02:34:41.0379 2984 PcaSvc - ok
02:34:41.0442 2984 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
02:34:41.0442 2984 pci - ok
02:34:41.0457 2984 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
02:34:41.0457 2984 pciide - ok
02:34:41.0504 2984 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
02:34:41.0504 2984 pcmcia - ok
02:34:41.0582 2984 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
02:34:41.0582 2984 pcouffin - ok
02:34:41.0598 2984 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
02:34:41.0598 2984 pcw - ok
02:34:41.0644 2984 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
02:34:41.0644 2984 PEAUTH - ok
02:34:41.0738 2984 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
02:34:41.0738 2984 PerfHost - ok
02:34:41.0816 2984 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
02:34:41.0832 2984 pla - ok
02:34:41.0878 2984 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
02:34:41.0878 2984 PlugPlay - ok
02:34:41.0894 2984 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
02:34:41.0894 2984 PNRPAutoReg - ok
02:34:41.0925 2984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
02:34:41.0925 2984 PNRPsvc - ok
02:34:41.0956 2984 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
02:34:41.0956 2984 PolicyAgent - ok
02:34:41.0988 2984 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
02:34:41.0988 2984 Power - ok
02:34:42.0003 2984 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
02:34:42.0003 2984 PptpMiniport - ok
02:34:42.0034 2984 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
02:34:42.0034 2984 Processor - ok
02:34:42.0081 2984 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
02:34:42.0081 2984 ProfSvc - ok
02:34:42.0097 2984 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
02:34:42.0097 2984 ProtectedStorage - ok
02:34:42.0159 2984 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
02:34:42.0159 2984 Psched - ok
02:34:42.0237 2984 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
02:34:42.0253 2984 ql2300 - ok
02:34:42.0268 2984 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
02:34:42.0284 2984 ql40xx - ok
02:34:42.0315 2984 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
02:34:42.0315 2984 QWAVE - ok
02:34:42.0331 2984 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
02:34:42.0331 2984 QWAVEdrv - ok
02:34:42.0346 2984 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
02:34:42.0346 2984 RasAcd - ok
02:34:42.0378 2984 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
02:34:42.0378 2984 RasAgileVpn - ok
02:34:42.0393 2984 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
02:34:42.0393 2984 RasAuto - ok
02:34:42.0440 2984 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
02:34:42.0456 2984 Rasl2tp - ok
02:34:42.0487 2984 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
02:34:42.0487 2984 RasMan - ok
02:34:42.0518 2984 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
02:34:42.0518 2984 RasPppoe - ok
02:34:42.0565 2984 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
02:34:42.0565 2984 RasSstp - ok
02:34:42.0612 2984 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
02:34:42.0612 2984 rdbss - ok
02:34:42.0643 2984 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
02:34:42.0643 2984 rdpbus - ok
02:34:42.0658 2984 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
02:34:42.0658 2984 RDPCDD - ok
02:34:42.0705 2984 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
02:34:42.0705 2984 RDPENCDD - ok
02:34:42.0721 2984 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
02:34:42.0721 2984 RDPREFMP - ok
02:34:42.0768 2984 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
02:34:42.0768 2984 RDPWD - ok
02:34:42.0846 2984 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
02:34:42.0846 2984 rdyboost - ok
02:34:42.0877 2984 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
02:34:42.0877 2984 RemoteAccess - ok
02:34:42.0908 2984 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
02:34:42.0908 2984 RemoteRegistry - ok
02:34:42.0939 2984 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
02:34:42.0955 2984 RFCOMM - ok
02:34:42.0970 2984 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
02:34:42.0970 2984 RpcEptMapper - ok
02:34:43.0002 2984 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
02:34:43.0002 2984 RpcLocator - ok
02:34:43.0048 2984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
02:34:43.0048 2984 RpcSs - ok
02:34:43.0095 2984 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
02:34:43.0095 2984 rspndr - ok
02:34:43.0111 2984 RSUSBSTOR - ok
02:34:43.0126 2984 RtsUIR - ok
02:34:43.0142 2984 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
02:34:43.0142 2984 SamSs - ok
02:34:43.0189 2984 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
02:34:43.0189 2984 sbp2port - ok
02:34:43.0220 2984 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
02:34:43.0220 2984 SCardSvr - ok
02:34:43.0251 2984 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
02:34:43.0251 2984 scfilter - ok
02:34:43.0314 2984 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
02:34:43.0329 2984 Schedule - ok
02:34:43.0376 2984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
02:34:43.0376 2984 SCPolicySvc - ok
02:34:43.0423 2984 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
02:34:43.0423 2984 SDRSVC - ok
02:34:43.0454 2984 [ 3EA8A16169C26AFBEB544E0E48421186 ] Secdrv C:\windows\system32\drivers\SECDRV.SYS
02:34:43.0454 2984 Secdrv - ok
02:34:43.0501 2984 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
02:34:43.0516 2984 seclogon - ok
02:34:43.0532 2984 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
02:34:43.0548 2984 SENS - ok
02:34:43.0563 2984 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
02:34:43.0563 2984 SensrSvc - ok
02:34:43.0594 2984 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
02:34:43.0594 2984 Serenum - ok
02:34:43.0626 2984 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
02:34:43.0626 2984 Serial - ok
02:34:43.0672 2984 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
02:34:43.0672 2984 sermouse - ok
02:34:43.0735 2984 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
02:34:43.0735 2984 SessionEnv - ok
02:34:43.0782 2984 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
02:34:43.0782 2984 sffdisk - ok
02:34:43.0797 2984 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
02:34:43.0797 2984 sffp_mmc - ok
02:34:43.0813 2984 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
02:34:43.0813 2984 sffp_sd - ok
02:34:43.0844 2984 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
02:34:43.0844 2984 sfloppy - ok
02:34:43.0891 2984 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
02:34:43.0891 2984 SharedAccess - ok
02:34:43.0938 2984 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
02:34:43.0938 2984 ShellHWDetection - ok
02:34:43.0969 2984 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
02:34:43.0969 2984 SiSRaid2 - ok
02:34:44.0000 2984 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
02:34:44.0000 2984 SiSRaid4 - ok
02:34:44.0047 2984 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
02:34:44.0047 2984 Smb - ok
02:34:44.0078 2984 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
02:34:44.0094 2984 SNMPTRAP - ok
02:34:44.0109 2984 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
02:34:44.0109 2984 spldr - ok
02:34:44.0156 2984 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
02:34:44.0172 2984 Spooler - ok
02:34:44.0265 2984 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
02:34:44.0281 2984 sppsvc - ok
02:34:44.0328 2984 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
02:34:44.0328 2984 sppuinotify - ok
02:34:44.0374 2984 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:34:44.0374 2984 SQLBrowser - ok
02:34:44.0452 2984 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:34:44.0452 2984 SQLWriter - ok
02:34:44.0499 2984 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
02:34:44.0515 2984 srv - ok
02:34:44.0530 2984 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
02:34:44.0530 2984 srv2 - ok
02:34:44.0562 2984 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
02:34:44.0562 2984 srvnet - ok
02:34:44.0593 2984 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
02:34:44.0593 2984 SSDPSRV - ok
02:34:44.0640 2984 [ 1100066057FBF612B573EFD3B21383F1 ] ssmirrdr C:\windows\system32\DRIVERS\ssmirrdr.sys
02:34:44.0640 2984 ssmirrdr - ok
02:34:44.0655 2984 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
02:34:44.0655 2984 SstpSvc - ok
02:34:44.0686 2984 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
02:34:44.0686 2984 stexstor - ok
02:34:44.0733 2984 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
02:34:44.0733 2984 stisvc - ok
02:34:44.0796 2984 [ 63B2818651F111B08288B8AB7D2DEBF6 ] StMp3Recx64 C:\windows\system32\Drivers\StMp3Recx64.sys
02:34:44.0796 2984 StMp3Recx64 - ok
02:34:44.0827 2984 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
02:34:44.0827 2984 swenum - ok
02:34:44.0858 2984 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
02:34:44.0858 2984 swprv - ok
02:34:44.0920 2984 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
02:34:44.0936 2984 SysMain - ok
02:34:44.0983 2984 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
02:34:44.0983 2984 TabletInputService - ok
02:34:45.0030 2984 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
02:34:45.0045 2984 TapiSrv - ok
02:34:45.0061 2984 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
02:34:45.0061 2984 TBS - ok
02:34:45.0154 2984 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
02:34:45.0170 2984 Tcpip - ok
02:34:45.0232 2984 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
02:34:45.0248 2984 TCPIP6 - ok
02:34:45.0310 2984 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
02:34:45.0310 2984 tcpipreg - ok
02:34:45.0326 2984 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
02:34:45.0326 2984 TDPIPE - ok
02:34:45.0373 2984 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
02:34:45.0373 2984 TDTCP - ok
02:34:45.0404 2984 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
02:34:45.0420 2984 tdx - ok
02:34:45.0466 2984 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
02:34:45.0466 2984 TermDD - ok
02:34:45.0498 2984 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
02:34:45.0513 2984 TermService - ok
02:34:45.0529 2984 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
02:34:45.0544 2984 Themes - ok
02:34:45.0544 2984 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
02:34:45.0544 2984 THREADORDER - ok
02:34:45.0576 2984 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
02:34:45.0576 2984 TrkWks - ok
02:34:45.0638 2984 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
02:34:45.0638 2984 TrustedInstaller - ok
02:34:45.0685 2984 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
02:34:45.0700 2984 tssecsrv - ok
02:34:45.0747 2984 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
02:34:45.0763 2984 TsUsbFlt - ok
02:34:45.0825 2984 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
02:34:45.0825 2984 tunnel - ok
02:34:45.0856 2984 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
02:34:45.0856 2984 uagp35 - ok
02:34:45.0919 2984 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
02:34:45.0919 2984 udfs - ok
02:34:45.0950 2984 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
02:34:45.0950 2984 UI0Detect - ok
02:34:45.0997 2984 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
02:34:45.0997 2984 uliagpkx - ok
02:34:46.0044 2984 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
02:34:46.0059 2984 umbus - ok
02:34:46.0075 2984 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
02:34:46.0075 2984 UmPass - ok
02:34:46.0106 2984 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
02:34:46.0122 2984 upnphost - ok
02:34:46.0168 2984 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
02:34:46.0168 2984 USBAAPL64 - ok
02:34:46.0200 2984 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
02:34:46.0200 2984 usbccgp - ok
02:34:46.0215 2984 USBCCID - ok
02:34:46.0262 2984 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
02:34:46.0262 2984 usbcir - ok
02:34:46.0278 2984 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
02:34:46.0278 2984 usbehci - ok
02:34:46.0309 2984 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
02:34:46.0309 2984 usbhub - ok
02:34:46.0340 2984 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
02:34:46.0340 2984 usbohci - ok
02:34:46.0371 2984 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
02:34:46.0371 2984 usbprint - ok
02:34:46.0418 2984 [ DF4D962EC7D1C1109B121239712C1299 ] usbsmi C:\windows\system32\DRIVERS\SMIksdrv.sys
02:34:46.0418 2984 usbsmi - ok
02:34:46.0449 2984 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
02:34:46.0465 2984 USBSTOR - ok
02:34:46.0496 2984 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
02:34:46.0496 2984 usbuhci - ok
02:34:46.0543 2984 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
02:34:46.0543 2984 usbvideo - ok
02:34:46.0590 2984 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
02:34:46.0590 2984 UxSms - ok
02:34:46.0605 2984 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
02:34:46.0605 2984 VaultSvc - ok
02:34:46.0636 2984 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
02:34:46.0636 2984 vdrvroot - ok
02:34:46.0683 2984 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
02:34:46.0683 2984 vds - ok
02:34:46.0714 2984 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
02:34:46.0714 2984 vga - ok
02:34:46.0746 2984 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
02:34:46.0746 2984 VgaSave - ok
02:34:46.0792 2984 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
02:34:46.0792 2984 vhdmp - ok
02:34:46.0839 2984 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
02:34:46.0839 2984 viaide - ok
02:34:46.0855 2984 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
02:34:46.0855 2984 volmgr - ok
02:34:46.0902 2984 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
02:34:46.0902 2984 volmgrx - ok
02:34:46.0933 2984 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
02:34:46.0933 2984 volsnap - ok
02:34:46.0964 2984 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
02:34:46.0980 2984 vsmraid - ok
02:34:47.0042 2984 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
02:34:47.0073 2984 VSS - ok
02:34:47.0089 2984 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
02:34:47.0089 2984 vwifibus - ok
02:34:47.0120 2984 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
02:34:47.0120 2984 vwififlt - ok
02:34:47.0167 2984 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
02:34:47.0167 2984 vwifimp - ok
02:34:47.0198 2984 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
02:34:47.0198 2984 W32Time - ok
02:34:47.0229 2984 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
02:34:47.0229 2984 WacomPen - ok
02:34:47.0292 2984 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
02:34:47.0292 2984 WANARP - ok
02:34:47.0307 2984 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
02:34:47.0307 2984 Wanarpv6 - ok
02:34:47.0385 2984 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
02:34:47.0401 2984 WatAdminSvc - ok
02:34:47.0494 2984 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
02:34:47.0510 2984 wbengine - ok
02:34:47.0526 2984 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
02:34:47.0541 2984 WbioSrvc - ok
02:34:47.0572 2984 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
02:34:47.0588 2984 wcncsvc - ok
02:34:47.0604 2984 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
02:34:47.0604 2984 WcsPlugInService - ok
02:34:47.0635 2984 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
02:34:47.0635 2984 Wd - ok
02:34:47.0682 2984 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
02:34:47.0697 2984 Wdf01000 - ok
02:34:47.0713 2984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
02:34:47.0713 2984 WdiServiceHost - ok
02:34:47.0728 2984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
02:34:47.0728 2984 WdiSystemHost - ok
02:34:47.0744 2984 wdmirror - ok
02:34:47.0775 2984 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
02:34:47.0791 2984 WebClient - ok
02:34:47.0806 2984 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
02:34:47.0806 2984 Wecsvc - ok
02:34:47.0822 2984 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
02:34:47.0822 2984 wercplsupport - ok
02:34:47.0853 2984 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
02:34:47.0853 2984 WerSvc - ok
02:34:47.0884 2984 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
02:34:47.0900 2984 WfpLwf - ok
02:34:47.0931 2984 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
02:34:47.0931 2984 WimFltr - ok
02:34:47.0947 2984 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
02:34:47.0947 2984 WIMMount - ok
02:34:47.0978 2984 WinDefend - ok
02:34:47.0978 2984 WinHttpAutoProxySvc - ok
02:34:48.0040 2984 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
02:34:48.0040 2984 Winmgmt - ok
02:34:48.0056 2984 WinRing0_1_2_0 - ok
02:34:48.0134 2984 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
02:34:48.0165 2984 WinRM - ok
02:34:48.0228 2984 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
02:34:48.0243 2984 Wlansvc - ok
02:34:48.0274 2984 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
02:34:48.0274 2984 WmiAcpi - ok
02:34:48.0306 2984 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
02:34:48.0306 2984 wmiApSrv - ok
02:34:48.0337 2984 WMPNetworkSvc - ok
02:34:48.0352 2984 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
02:34:48.0352 2984 WPCSvc - ok
02:34:48.0399 2984 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
02:34:48.0399 2984 WPDBusEnum - ok
02:34:48.0415 2984 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
02:34:48.0415 2984 ws2ifsl - ok
02:34:48.0430 2984 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
02:34:48.0430 2984 wscsvc - ok
02:34:48.0446 2984 WSearch - ok
02:34:48.0477 2984 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
02:34:48.0477 2984 wsvd - ok
02:34:48.0555 2984 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
02:34:48.0586 2984 wuauserv - ok
02:34:48.0633 2984 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
02:34:48.0633 2984 WudfPf - ok
02:34:48.0664 2984 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
02:34:48.0664 2984 WUDFRd - ok
02:34:48.0711 2984 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
02:34:48.0711 2984 wudfsvc - ok
02:34:48.0758 2984 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
02:34:48.0758 2984 WwanSvc - ok
02:34:48.0820 2984 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
02:34:48.0820 2984 xusb21 - ok
02:34:48.0852 2984 ================ Scan global ===============================
02:34:48.0883 2984 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
02:34:48.0930 2984 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
02:34:48.0945 2984 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
02:34:48.0976 2984 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
02:34:49.0023 2984 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
02:34:49.0039 2984 [Global] - ok
02:34:49.0039 2984 ================ Scan MBR ==================================
02:34:49.0039 2984 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:34:49.0242 2984 \Device\Harddisk0\DR0 - ok
02:34:49.0242 2984 ================ Scan VBR ==================================
02:34:49.0257 2984 [ D616F3BAE803DB5FEC0C70E9ABA9D1F8 ] \Device\Harddisk0\DR0\Partition1
02:34:49.0257 2984 \Device\Harddisk0\DR0\Partition1 - ok
02:34:49.0304 2984 [ 950AC2CEB1AF732589206880AACF3F0B ] \Device\Harddisk0\DR0\Partition2
02:34:49.0304 2984 \Device\Harddisk0\DR0\Partition2 - ok
02:34:49.0335 2984 [ 433427DC3520BDF30D1419DBC861D52B ] \Device\Harddisk0\DR0\Partition3
02:34:49.0335 2984 \Device\Harddisk0\DR0\Partition3 - ok
02:34:49.0335 2984 ============================================================
02:34:49.0335 2984 Scan finished
02:34:49.0335 2984 ============================================================
02:34:49.0351 3044 Detected object count: 0
02:34:49.0351 3044 Actual detected object count: 0
02:35:01.0394 2684 Deinitialize success

Edited by alexander4, 08 February 2013 - 02:42 AM.

  • 0

#9
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Second TDSKiller log:

02:35:08.0407 1860 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:35:08.0422 1860 ============================================================
02:35:08.0422 1860 Current date / time: 2013/02/08 02:35:08.0422
02:35:08.0422 1860 SystemInfo:
02:35:08.0422 1860
02:35:08.0422 1860 OS Version: 6.1.7601 ServicePack: 1.0
02:35:08.0422 1860 Product type: Workstation
02:35:08.0422 1860 ComputerName: USER-PC
02:35:08.0422 1860 UserName: user
02:35:08.0422 1860 Windows directory: C:\windows
02:35:08.0422 1860 System windows directory: C:\windows
02:35:08.0422 1860 Running under WOW64
02:35:08.0422 1860 Processor architecture: Intel x64
02:35:08.0422 1860 Number of processors: 2
02:35:08.0422 1860 Page size: 0x1000
02:35:08.0422 1860 Boot type: Normal boot
02:35:08.0422 1860 ============================================================
02:35:08.0875 1860 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:35:08.0890 1860 ============================================================
02:35:08.0890 1860 \Device\Harddisk0\DR0:
02:35:08.0906 1860 MBR partitions:
02:35:08.0906 1860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
02:35:08.0906 1860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x177602C0
02:35:08.0953 1860 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x177C52C0, BlocksNum 0x3C7E000
02:35:08.0953 1860 ============================================================
02:35:09.0015 1860 C: <-> \Device\Harddisk0\DR0\Partition2
02:35:09.0046 1860 D: <-> \Device\HAarddisk0\DR0\Partition3
02:35:09.0046 1860 ============================================================
02:35:09.0046 1860 Initialize success
02:35:09.0046 1860 ============================================================
02:35:59.0169 1484 ============================================================
02:35:59.0169 1484 Scan started
02:35:59.0169 1484 Mode: Manual; SigCheck; TDLFS;
02:35:59.0169 1484 ============================================================
02:35:59.0497 1484 ================ Scan system memory ========================
02:35:59.0497 1484 System memory - ok
02:35:59.0497 1484 ================ Scan services =============================
02:35:59.0669 1484 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
02:35:59.0762 1484 1394ohci - ok
02:35:59.0825 1484 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
02:35:59.0856 1484 ACPI - ok
02:35:59.0903 1484 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
02:36:00.0027 1484 AcpiPmi - ok
02:36:00.0074 1484 [ 2E68544BCE94DE6677F700CF1D582B6D ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
02:36:00.0168 1484 ACPIVPC - ok
02:36:00.0215 1484 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
02:36:00.0230 1484 adp94xx - ok
02:36:00.0261 1484 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
02:36:00.0293 1484 adpahci - ok
02:36:00.0324 1484 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
02:36:00.0339 1484 adpu320 - ok
02:36:00.0371 1484 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
02:36:00.0464 1484 AeLookupSvc - ok
02:36:00.0527 1484 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
02:36:00.0605 1484 AFD - ok
02:36:00.0651 1484 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
02:36:00.0683 1484 agp440 - ok
02:36:00.0714 1484 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
02:36:00.0761 1484 ALG - ok
02:36:00.0792 1484 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
02:36:00.0823 1484 aliide - ok
02:36:00.0839 1484 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
02:36:00.0854 1484 amdide - ok
02:36:00.0901 1484 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
02:36:00.0917 1484 AmdK8 - ok
02:36:00.0932 1484 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
02:36:00.0948 1484 AmdPPM - ok
02:36:01.0010 1484 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
02:36:01.0026 1484 amdsata - ok
02:36:01.0057 1484 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
02:36:01.0073 1484 amdsbs - ok
02:36:01.0104 1484 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
02:36:01.0119 1484 amdxata - ok
02:36:01.0166 1484 [ DA27258BC70C6924D60FCA7A5827E9EF ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
02:36:01.0229 1484 ApfiltrService - ok
02:36:01.0275 1484 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
02:36:01.0353 1484 AppID - ok
02:36:01.0385 1484 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
02:36:01.0463 1484 AppIDSvc - ok
02:36:01.0494 1484 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
02:36:01.0525 1484 Appinfo - ok
02:36:01.0665 1484 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:36:01.0681 1484 Apple Mobile Device - ok
02:36:01.0743 1484 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
02:36:01.0775 1484 arc - ok
02:36:01.0806 1484 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
02:36:01.0837 1484 arcsas - ok
02:36:01.0853 1484 ASPI - ok
02:36:01.0899 1484 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
02:36:01.0993 1484 aswFsBlk - ok
02:36:02.0024 1484 [ 9FFC732E12FF53E05FE9E02C8C00CE87 ] aswFW C:\windows\system32\drivers\aswFW.sys
02:36:02.0102 1484 aswFW - ok
02:36:02.0118 1484 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
02:36:02.0165 1484 aswKbd - ok
02:36:02.0211 1484 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
02:36:02.0258 1484 aswMonFlt - ok
02:36:02.0274 1484 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys
02:36:02.0336 1484 aswNdis - ok
02:36:02.0352 1484 [ 5A832BBB1B563B6B3FDA46239B630037 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys
02:36:02.0399 1484 aswNdis2 - ok
02:36:02.0414 1484 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
02:36:02.0461 1484 aswRdr - ok
02:36:02.0492 1484 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\windows\system32\drivers\aswSnx.sys
02:36:02.0555 1484 aswSnx - ok
02:36:02.0586 1484 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\windows\system32\drivers\aswSP.sys
02:36:02.0648 1484 aswSP - ok
02:36:02.0679 1484 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
02:36:02.0711 1484 aswTdi - ok
02:36:02.0757 1484 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
02:36:02.0789 1484 AsyncMac - ok
02:36:02.0835 1484 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
02:36:02.0867 1484 atapi - ok
02:36:02.0929 1484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
02:36:02.0991 1484 AudioEndpointBuilder - ok
02:36:03.0038 1484 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
02:36:03.0085 1484 AudioSrv - ok
02:36:03.0163 1484 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:36:03.0257 1484 avast! Antivirus - ok
02:36:03.0288 1484 [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
02:36:03.0381 1484 avast! Firewall - ok
02:36:03.0459 1484 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
02:36:03.0522 1484 AxInstSV - ok
02:36:03.0553 1484 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
02:36:03.0600 1484 b06bdrv - ok
02:36:03.0662 1484 [ 93AF5CCCE5145AA3C2F0A41E7F65149A ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
02:36:03.0740 1484 b57nd60a - ok
02:36:03.0834 1484 [ 830DFC7958ADBDDD40E0B61B461432B0 ] BASFND C:\Program Files\Broadcom\BACS\BASFND.sys
02:36:03.0927 1484 BASFND ( UnsignedFile.Multi.Generic ) - warning
02:36:03.0927 1484 BASFND - detected UnsignedFile.Multi.Generic (1)
02:36:04.0052 1484 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
02:36:04.0130 1484 BCM43XX - ok
02:36:04.0208 1484 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
02:36:04.0224 1484 BcmSqlStartupSvc - ok
02:36:04.0255 1484 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
02:36:04.0286 1484 BDESVC - ok
02:36:04.0333 1484 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
02:36:04.0380 1484 Beep - ok
02:36:04.0458 1484 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
02:36:04.0505 1484 BFE - ok
02:36:04.0551 1484 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
02:36:04.0614 1484 BITS - ok
02:36:04.0645 1484 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
02:36:04.0692 1484 blbdrive - ok
02:36:04.0770 1484 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:36:04.0785 1484 Bonjour Service - ok
02:36:04.0832 1484 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
02:36:04.0863 1484 bowser - ok
02:36:04.0910 1484 [ 63872B52C541BE4308A4FE0BA714B7B4 ] BPowMon C:\Program Files\Broadcom\BACS\BPowMon.exe
02:36:04.0926 1484 BPowMon - ok
02:36:04.0973 1484 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
02:36:05.0035 1484 BrFiltLo - ok
02:36:05.0051 1484 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
02:36:05.0066 1484 BrFiltUp - ok
02:36:05.0113 1484 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
02:36:05.0160 1484 BridgeMP - ok
02:36:05.0207 1484 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
02:36:05.0238 1484 Browser - ok
02:36:05.0253 1484 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
02:36:05.0300 1484 Brserid - ok
02:36:05.0331 1484 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
02:36:05.0378 1484 BrSerWdm - ok
02:36:05.0409 1484 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
02:36:05.0456 1484 BrUsbMdm - ok
02:36:05.0472 1484 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
02:36:05.0487 1484 BrUsbSer - ok
02:36:05.0519 1484 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
02:36:05.0550 1484 BthEnum - ok
02:36:05.0597 1484 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
02:36:05.0643 1484 BTHMODEM - ok
02:36:05.0675 1484 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
02:36:05.0706 1484 BthPan - ok
02:36:05.0737 1484 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
02:36:05.0799 1484 BTHPORT - ok
02:36:05.0846 1484 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
02:36:05.0909 1484 bthserv - ok
02:36:05.0940 1484 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
02:36:05.0987 1484 BTHUSB - ok
02:36:06.0002 1484 catchme - ok
02:36:06.0033 1484 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
02:36:06.0111 1484 cdfs - ok
02:36:06.0174 1484 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
02:36:06.0189 1484 cdrom - ok
02:36:06.0236 1484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
02:36:06.0283 1484 CertPropSvc - ok
02:36:06.0330 1484 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
02:36:06.0377 1484 circlass - ok
02:36:06.0408 1484 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
02:36:06.0423 1484 CLFS - ok
02:36:06.0486 1484 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:36:06.0517 1484 clr_optimization_v2.0.50727_32 - ok
02:36:06.0564 1484 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:36:06.0579 1484 clr_optimization_v2.0.50727_64 - ok
02:36:06.0689 1484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:36:06.0704 1484 clr_optimization_v4.0.30319_32 - ok
02:36:06.0751 1484 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:36:06.0767 1484 clr_optimization_v4.0.30319_64 - ok
02:36:06.0798 1484 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
02:36:06.0829 1484 CmBatt - ok
02:36:06.0860 1484 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
02:36:06.0876 1484 cmdide - ok
02:36:06.0923 1484 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
02:36:06.0969 1484 CNG - ok
02:36:07.0016 1484 [ 0D23C3312838EEA1ED55D5F135BCA613 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
02:36:07.0094 1484 CnxtHdAudService - ok
02:36:07.0125 1484 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
02:36:07.0157 1484 Compbatt - ok
02:36:07.0203 1484 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
02:36:07.0250 1484 CompositeBus - ok
02:36:07.0266 1484 COMSysApp - ok
02:36:07.0297 1484 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
02:36:07.0297 1484 crcdisk - ok
02:36:07.0359 1484 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
02:36:07.0375 1484 CryptSvc - ok
02:36:07.0422 1484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
02:36:07.0469 1484 DcomLaunch - ok
02:36:07.0547 1484 [ CFF03EF53209704872C736EB4AF3EB26 ] DDNIMSGService C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
02:36:07.0578 1484 DDNIMSGService - ok
02:36:07.0625 1484 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
02:36:07.0687 1484 defragsvc - ok
02:36:07.0734 1484 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
02:36:07.0812 1484 DfsC - ok
02:36:07.0843 1484 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
02:36:07.0890 1484 Dhcp - ok
02:36:07.0905 1484 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
02:36:07.0952 1484 discache - ok
02:36:07.0983 1484 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
02:36:07.0999 1484 Disk - ok
02:36:08.0030 1484 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
02:36:08.0061 1484 Dnscache - ok
02:36:08.0108 1484 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
02:36:08.0186 1484 dot3svc - ok
02:36:08.0233 1484 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
02:36:08.0280 1484 DPS - ok
02:36:08.0311 1484 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
02:36:08.0342 1484 drmkaud - ok
02:36:08.0405 1484 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
02:36:08.0451 1484 DXGKrnl - ok
02:36:08.0483 1484 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
02:36:08.0529 1484 EapHost - ok
02:36:08.0639 1484 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
02:36:08.0717 1484 ebdrv - ok
02:36:08.0748 1484 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
02:36:08.0763 1484 EFS - ok
02:36:08.0841 1484 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
02:36:08.0873 1484 ehRecvr - ok
02:36:08.0888 1484 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
02:36:08.0935 1484 ehSched - ok
02:36:08.0997 1484 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
02:36:09.0029 1484 elxstor - ok
02:36:09.0060 1484 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
02:36:09.0091 1484 ErrDev - ok
02:36:09.0153 1484 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
02:36:09.0185 1484 EventSystem - ok
02:36:09.0216 1484 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
02:36:09.0247 1484 exfat - ok
02:36:09.0278 1484 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
02:36:09.0309 1484 fastfat - ok
02:36:09.0387 1484 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
02:36:09.0434 1484 Fax - ok
02:36:09.0497 1484 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
02:36:09.0528 1484 fdc - ok
02:36:09.0575 1484 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
02:36:09.0637 1484 fdPHost - ok
02:36:09.0637 1484 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
02:36:09.0699 1484 FDResPub - ok
02:36:09.0731 1484 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
02:36:09.0746 1484 FileInfo - ok
02:36:09.0762 1484 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
02:36:09.0809 1484 Filetrace - ok
02:36:09.0840 1484 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
02:36:09.0855 1484 flpydisk - ok
02:36:09.0887 1484 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
02:36:09.0918 1484 FltMgr - ok
02:36:09.0980 1484 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
02:36:10.0027 1484 FontCache - ok
02:36:10.0089 1484 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:36:10.0105 1484 FontCache3.0.0.0 - ok
02:36:10.0136 1484 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
02:36:10.0152 1484 FsDepends - ok
02:36:10.0183 1484 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
02:36:10.0199 1484 Fs_Rec - ok
02:36:10.0245 1484 [ 6CCF66BCA3D24146CB8B0930DBA1448F ] funfrm C:\windows\system32\drivers\funfrm.sys
02:36:10.0339 1484 funfrm - ok
02:36:10.0386 1484 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
02:36:10.0417 1484 fvevol - ok
02:36:10.0448 1484 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
02:36:10.0464 1484 gagp30kx - ok
02:36:10.0557 1484 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
02:36:10.0573 1484 GEARAspiWDM - ok
02:36:10.0604 1484 [ 8172B3460291AE4C1D5209F8EA0F8868 ] GIDv2 C:\windows\system32\drivers\GIDv2.sys
02:36:10.0698 1484 GIDv2 - ok
02:36:10.0745 1484 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
02:36:10.0823 1484 gpsvc - ok
02:36:10.0869 1484 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
02:36:10.0869 1484 hcw85cir - ok
02:36:10.0932 1484 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
02:36:10.0979 1484 HdAudAddService - ok
02:36:11.0041 1484 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
02:36:11.0088 1484 HDAudBus - ok
02:36:11.0119 1484 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
02:36:11.0150 1484 HidBatt - ok
02:36:11.0166 1484 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
02:36:11.0213 1484 HidBth - ok
02:36:11.0244 1484 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
02:36:11.0275 1484 HidIr - ok
02:36:11.0306 1484 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
02:36:11.0384 1484 hidserv - ok
02:36:11.0431 1484 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
02:36:11.0462 1484 HidUsb - ok
02:36:11.0493 1484 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
02:36:11.0540 1484 hkmsvc - ok
02:36:11.0587 1484 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
02:36:11.0603 1484 HomeGroupListener - ok
02:36:11.0634 1484 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
02:36:11.0681 1484 HomeGroupProvider - ok
02:36:11.0727 1484 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
02:36:11.0759 1484 HpSAMD - ok
02:36:11.0805 1484 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
02:36:11.0883 1484 HTTP - ok
02:36:11.0915 1484 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
02:36:11.0930 1484 hwpolicy - ok
02:36:11.0977 1484 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
02:36:12.0008 1484 i8042prt - ok
02:36:12.0055 1484 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
02:36:12.0117 1484 IAANTMON - ok
02:36:12.0149 1484 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
02:36:12.0211 1484 iaStor - ok
02:36:12.0258 1484 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
02:36:12.0289 1484 iaStorV - ok
02:36:12.0367 1484 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:36:12.0414 1484 idsvc - ok
02:36:12.0461 1484 [ 87402686FB5588D20CC3BB8E919A0650 ] IDVaultSvc C:\Program Files (x86)\ID Vault\IDVaultSvc.exe
02:36:12.0476 1484 IDVaultSvc - ok
02:36:12.0648 1484 [ AC4B14E985B2BB19386CC8203FE49BCD ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
02:36:12.0741 1484 igfx - ok
02:36:12.0788 1484 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
02:36:12.0804 1484 iirsp - ok
02:36:12.0866 1484 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
02:36:12.0944 1484 IKEEXT - ok
02:36:12.0991 1484 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
02:36:12.0991 1484 intelide - ok
02:36:13.0038 1484 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
02:36:13.0069 1484 intelppm - ok
02:36:13.0100 1484 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
02:36:13.0178 1484 IPBusEnum - ok
02:36:13.0209 1484 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
02:36:13.0256 1484 IpFilterDriver - ok
02:36:13.0303 1484 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
02:36:13.0350 1484 iphlpsvc - ok
02:36:13.0397 1484 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
02:36:13.0428 1484 IPMIDRV - ok
02:36:13.0443 1484 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
02:36:13.0506 1484 IPNAT - ok
02:36:13.0599 1484 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:36:13.0646 1484 iPod Service - ok
02:36:13.0662 1484 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
02:36:13.0755 1484 IRENUM - ok
02:36:13.0787 1484 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
02:36:13.0818 1484 isapnp - ok
02:36:13.0849 1484 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
02:36:13.0865 1484 iScsiPrt - ok
02:36:13.0896 1484 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\windows\system32\DRIVERS\k57nd60a.sys
02:36:13.0927 1484 k57nd60a - ok
02:36:13.0974 1484 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
02:36:13.0989 1484 kbdclass - ok
02:36:14.0005 1484 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
02:36:14.0021 1484 kbdhid - ok
02:36:14.0052 1484 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
02:36:14.0067 1484 KeyIso - ok
02:36:14.0099 1484 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
02:36:14.0114 1484 KSecDD - ok
02:36:14.0145 1484 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
02:36:14.0161 1484 KSecPkg - ok
02:36:14.0192 1484 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
02:36:14.0255 1484 ksthunk - ok
02:36:14.0286 1484 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
02:36:14.0348 1484 KtmRm - ok
02:36:14.0426 1484 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
02:36:14.0504 1484 LanmanServer - ok
02:36:14.0582 1484 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
02:36:14.0660 1484 LanmanWorkstation - ok
02:36:14.0707 1484 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
02:36:14.0754 1484 lltdio - ok
02:36:14.0801 1484 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
02:36:14.0847 1484 lltdsvc - ok
02:36:14.0879 1484 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
02:36:14.0910 1484 lmhosts - ok
02:36:14.0957 1484 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
02:36:14.0972 1484 LSI_FC - ok
02:36:15.0019 1484 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
02:36:15.0035 1484 LSI_SAS - ok
02:36:15.0066 1484 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
02:36:15.0081 1484 LSI_SAS2 - ok
02:36:15.0097 1484 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
02:36:15.0113 1484 LSI_SCSI - ok
02:36:15.0144 1484 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
02:36:15.0206 1484 luafv - ok
02:36:15.0253 1484 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
02:36:15.0315 1484 Mcx2Svc - ok
02:36:15.0378 1484 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
02:36:15.0409 1484 MDM - ok
02:36:15.0440 1484 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
02:36:15.0471 1484 megasas - ok
02:36:15.0487 1484 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
02:36:15.0503 1484 MegaSR - ok
02:36:15.0596 1484 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
02:36:15.0627 1484 Microsoft Office Groove Audit Service - ok
02:36:15.0659 1484 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
02:36:15.0721 1484 MMCSS - ok
02:36:15.0752 1484 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
02:36:15.0830 1484 Modem - ok
02:36:15.0861 1484 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
02:36:15.0908 1484 monitor - ok
02:36:15.0939 1484 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
02:36:15.0971 1484 mouclass - ok
02:36:16.0002 1484 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
02:36:16.0017 1484 mouhid - ok
02:36:16.0080 1484 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
02:36:16.0095 1484 mountmgr - ok
02:36:16.0142 1484 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
02:36:16.0158 1484 mpio - ok
02:36:16.0189 1484 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
02:36:16.0220 1484 mpsdrv - ok
02:36:16.0283 1484 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
02:36:16.0361 1484 MpsSvc - ok
02:36:16.0392 1484 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
02:36:16.0454 1484 MRxDAV - ok
02:36:16.0485 1484 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
02:36:16.0548 1484 mrxsmb - ok
02:36:16.0595 1484 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
02:36:16.0626 1484 mrxsmb10 - ok
02:36:16.0673 1484 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
02:36:16.0688 1484 mrxsmb20 - ok
02:36:16.0735 1484 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
02:36:16.0751 1484 msahci - ok
02:36:16.0797 1484 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
02:36:16.0813 1484 msdsm - ok
02:36:16.0844 1484 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
02:36:16.0860 1484 MSDTC - ok
02:36:16.0907 1484 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
02:36:16.0938 1484 Msfs - ok
02:36:16.0953 1484 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
02:36:16.0985 1484 mshidkmdf - ok
02:36:17.0016 1484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
02:36:17.0031 1484 msisadrv - ok
02:36:17.0063 1484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
02:36:17.0125 1484 MSiSCSI - ok
02:36:17.0125 1484 msiserver - ok
02:36:17.0172 1484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
02:36:17.0203 1484 MSKSSRV - ok
02:36:17.0219 1484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
02:36:17.0250 1484 MSPCLOCK - ok
02:36:17.0281 1484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
02:36:17.0328 1484 MSPQM - ok
02:36:17.0375 1484 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
02:36:17.0406 1484 MsRPC - ok
02:36:17.0468 1484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
02:36:17.0484 1484 mssmbios - ok
02:36:17.0531 1484 MSSQL$MSSMLBIZ - ok
02:36:17.0593 1484 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
02:36:17.0609 1484 MSSQLServerADHelper - ok
02:36:17.0640 1484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
02:36:17.0671 1484 MSTEE - ok
02:36:17.0687 1484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
02:36:17.0702 1484 MTConfig - ok
02:36:17.0718 1484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
02:36:17.0733 1484 Mup - ok
02:36:17.0796 1484 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
02:36:17.0843 1484 napagent - ok
02:36:17.0905 1484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
02:36:17.0967 1484 NativeWifiP - ok
02:36:18.0030 1484 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
02:36:18.0061 1484 NDIS - ok
02:36:18.0092 1484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
02:36:18.0123 1484 NdisCap - ok
02:36:18.0155 1484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
02:36:18.0186 1484 NdisTapi - ok
02:36:18.0233 1484 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
02:36:18.0311 1484 Ndisuio - ok
02:36:18.0342 1484 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
02:36:18.0420 1484 NdisWan - ok
02:36:18.0451 1484 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
02:36:18.0482 1484 NDProxy - ok
02:36:18.0513 1484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
02:36:18.0576 1484 NetBIOS - ok
02:36:18.0607 1484 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
02:36:18.0638 1484 NetBT - ok
02:36:18.0669 1484 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
02:36:18.0685 1484 Netlogon - ok
02:36:18.0732 1484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
02:36:18.0779 1484 Netman - ok
02:36:18.0794 1484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
02:36:18.0857 1484 netprofm - ok
02:36:18.0888 1484 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:36:18.0903 1484 NetTcpPortSharing - ok
02:36:19.0059 1484 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\windows\system32\DRIVERS\netw5v64.sys
02:36:19.0137 1484 netw5v64 - ok
02:36:19.0184 1484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
02:36:19.0200 1484 nfrd960 - ok
02:36:19.0231 1484 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
02:36:19.0262 1484 NlaSvc - ok
02:36:19.0278 1484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
02:36:19.0309 1484 Npfs - ok
02:36:19.0340 1484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
02:36:19.0387 1484 nsi - ok
02:36:19.0418 1484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
02:36:19.0465 1484 nsiproxy - ok
02:36:19.0527 1484 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
02:36:19.0590 1484 Ntfs - ok
02:36:19.0621 1484 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
02:36:19.0652 1484 Null - ok
02:36:19.0699 1484 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
02:36:19.0730 1484 nvraid - ok
02:36:19.0761 1484 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
02:36:19.0777 1484 nvstor - ok
02:36:19.0824 1484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
02:36:19.0855 1484 nv_agp - ok
02:36:19.0933 1484 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:36:19.0964 1484 odserv - ok
02:36:19.0980 1484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
02:36:19.0995 1484 ohci1394 - ok
02:36:20.0027 1484 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:36:20.0042 1484 ose - ok
02:36:20.0089 1484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
02:36:20.0136 1484 p2pimsvc - ok
02:36:20.0167 1484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
02:36:20.0183 1484 p2psvc - ok
02:36:20.0214 1484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
02:36:20.0229 1484 Parport - ok
02:36:20.0261 1484 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
02:36:20.0276 1484 partmgr - ok
02:36:20.0276 1484 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
02:36:20.0339 1484 PcaSvc - ok
02:36:20.0385 1484 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
02:36:20.0417 1484 pci - ok
02:36:20.0463 1484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
02:36:20.0495 1484 pciide - ok
02:36:20.0526 1484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
02:36:20.0541 1484 pcmcia - ok
02:36:20.0604 1484 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
02:36:20.0697 1484 pcouffin - ok
02:36:20.0744 1484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
02:36:20.0775 1484 pcw - ok
02:36:20.0853 1484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
02:36:20.0931 1484 PEAUTH - ok
02:36:21.0025 1484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
02:36:21.0072 1484 PerfHost - ok
02:36:21.0134 1484 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
02:36:21.0197 1484 pla - ok
02:36:21.0243 1484 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
02:36:21.0275 1484 PlugPlay - ok
02:36:21.0306 1484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
02:36:21.0321 1484 PNRPAutoReg - ok
02:36:21.0337 1484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
02:36:21.0353 1484 PNRPsvc - ok
02:36:21.0399 1484 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
02:36:21.0477 1484 PolicyAgent - ok
02:36:21.0509 1484 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
02:36:21.0571 1484 Power - ok
02:36:21.0602 1484 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
02:36:21.0633 1484 PptpMiniport - ok
02:36:21.0665 1484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
02:36:21.0696 1484 Processor - ok
02:36:21.0727 1484 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
02:36:21.0758 1484 ProfSvc - ok
02:36:21.0774 1484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
02:36:21.0789 1484 ProtectedStorage - ok
02:36:21.0836 1484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
02:36:21.0914 1484 Psched - ok
02:36:22.0008 1484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
02:36:22.0055 1484 ql2300 - ok
02:36:22.0070 1484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
02:36:22.0086 1484 ql40xx - ok
02:36:22.0117 1484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
02:36:22.0164 1484 QWAVE - ok
02:36:22.0195 1484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
02:36:22.0226 1484 QWAVEdrv - ok
02:36:22.0257 1484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
02:36:22.0304 1484 RasAcd - ok
02:36:22.0351 1484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
02:36:22.0382 1484 RasAgileVpn - ok
02:36:22.0413 1484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
02:36:22.0476 1484 RasAuto - ok
02:36:22.0507 1484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
02:36:22.0569 1484 Rasl2tp - ok
02:36:22.0601 1484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
02:36:22.0647 1484 RasMan - ok
02:36:22.0679 1484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
02:36:22.0710 1484 RasPppoe - ok
02:36:22.0725 1484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
02:36:22.0772 1484 RasSstp - ok
02:36:22.0819 1484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
02:36:22.0881 1484 rdbss - ok
02:36:22.0913 1484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
02:36:22.0959 1484 rdpbus - ok
02:36:22.0991 1484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
02:36:23.0053 1484 RDPCDD - ok
02:36:23.0100 1484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
02:36:23.0147 1484 RDPENCDD - ok
02:36:23.0178 1484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
02:36:23.0225 1484 RDPREFMP - ok
02:36:23.0256 1484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
02:36:23.0287 1484 RDPWD - ok
02:36:23.0365 1484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
02:36:23.0381 1484 rdyboost - ok
02:36:23.0412 1484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
02:36:23.0490 1484 RemoteAccess - ok
02:36:23.0505 1484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
02:36:23.0552 1484 RemoteRegistry - ok
02:36:23.0583 1484 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
02:36:23.0615 1484 RFCOMM - ok
02:36:23.0646 1484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
02:36:23.0693 1484 RpcEptMapper - ok
02:36:23.0724 1484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
02:36:23.0739 1484 RpcLocator - ok
02:36:23.0786 1484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
02:36:23.0833 1484 RpcSs - ok
02:36:23.0880 1484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
02:36:23.0911 1484 rspndr - ok
02:36:23.0927 1484 RSUSBSTOR - ok
02:36:23.0942 1484 RtsUIR - ok
02:36:23.0958 1484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
02:36:23.0973 1484 SamSs - ok
02:36:24.0005 1484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
02:36:24.0020 1484 sbp2port - ok
02:36:24.0051 1484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
02:36:24.0129 1484 SCardSvr - ok
02:36:24.0161 1484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
02:36:24.0192 1484 scfilter - ok
02:36:24.0239 1484 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
02:36:24.0301 1484 Schedule - ok
02:36:24.0332 1484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
02:36:24.0363 1484 SCPolicySvc - ok
02:36:24.0395 1484 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
02:36:24.0457 1484 SDRSVC - ok
02:36:24.0504 1484 [ 3EA8A16169C26AFBEB544E0E48421186 ] Secdrv C:\windows\system32\drivers\SECDRV.SYS
02:36:24.0551 1484 Secdrv - ok
02:36:24.0597 1484 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
02:36:24.0629 1484 seclogon - ok
02:36:24.0660 1484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
02:36:24.0707 1484 SENS - ok
02:36:24.0738 1484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
02:36:24.0769 1484 SensrSvc - ok
02:36:24.0816 1484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
02:36:24.0847 1484 Serenum - ok
02:36:24.0909 1484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
02:36:24.0941 1484 Serial - ok
02:36:24.0987 1484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
02:36:25.0003 1484 sermouse - ok
02:36:25.0050 1484 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
02:36:25.0097 1484 SessionEnv - ok
02:36:25.0128 1484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
02:36:25.0143 1484 sffdisk - ok
02:36:25.0175 1484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
02:36:25.0206 1484 sffp_mmc - ok
02:36:25.0237 1484 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
02:36:25.0268 1484 sffp_sd - ok
02:36:25.0299 1484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
02:36:25.0346 1484 sfloppy - ok
02:36:25.0393 1484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
02:36:25.0440 1484 SharedAccess - ok
02:36:25.0487 1484 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
02:36:25.0533 1484 ShellHWDetection - ok
02:36:25.0565 1484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
02:36:25.0580 1484 SiSRaid2 - ok
02:36:25.0611 1484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
02:36:25.0627 1484 SiSRaid4 - ok
02:36:25.0658 1484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
02:36:25.0736 1484 Smb - ok
02:36:25.0799 1484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
02:36:25.0830 1484 SNMPTRAP - ok
02:36:25.0861 1484 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
02:36:25.0877 1484 spldr - ok
02:36:25.0923 1484 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
02:36:25.0939 1484 Spooler - ok
02:36:26.0048 1484 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
02:36:26.0142 1484 sppsvc - ok
02:36:26.0189 1484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
02:36:26.0251 1484 sppuinotify - ok
02:36:26.0313 1484 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:36:26.0345 1484 SQLBrowser - ok
02:36:26.0423 1484 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:36:26.0438 1484 SQLWriter - ok
02:36:26.0485 1484 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
02:36:26.0563 1484 srv - ok
02:36:26.0594 1484 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
02:36:26.0641 1484 srv2 - ok
02:36:26.0672 1484 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
02:36:26.0703 1484 srvnet - ok
02:36:26.0750 1484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
02:36:26.0797 1484 SSDPSRV - ok
02:36:26.0828 1484 [ 1100066057FBF612B573EFD3B21383F1 ] ssmirrdr C:\windows\system32\DRIVERS\ssmirrdr.sys
02:36:26.0844 1484 ssmirrdr - ok
02:36:26.0859 1484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
02:36:26.0891 1484 SstpSvc - ok
02:36:26.0922 1484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
02:36:26.0937 1484 stexstor - ok
02:36:26.0984 1484 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
02:36:27.0047 1484 stisvc - ok
02:36:27.0093 1484 [ 63B2818651F111B08288B8AB7D2DEBF6 ] StMp3Recx64 C:\windows\system32\Drivers\StMp3Recx64.sys
02:36:27.0125 1484 StMp3Recx64 - ok
02:36:27.0156 1484 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
02:36:27.0187 1484 swenum - ok
02:36:27.0218 1484 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
02:36:27.0281 1484 swprv - ok
02:36:27.0359 1484 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
02:36:27.0437 1484 SysMain - ok
02:36:27.0499 1484 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
02:36:27.0546 1484 TabletInputService - ok
02:36:27.0561 1484 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
02:36:27.0608 1484 TapiSrv - ok
02:36:27.0624 1484 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
02:36:27.0671 1484 TBS - ok
02:36:27.0764 1484 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
02:36:27.0827 1484 Tcpip - ok
02:36:27.0873 1484 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
02:36:27.0920 1484 TCPIP6 - ok
02:36:27.0936 1484 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
02:36:27.0967 1484 tcpipreg - ok
02:36:27.0998 1484 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
02:36:28.0045 1484 TDPIPE - ok
02:36:28.0076 1484 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
02:36:28.0123 1484 TDTCP - ok
02:36:28.0170 1484 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
02:36:28.0232 1484 tdx - ok
02:36:28.0279 1484 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
02:36:28.0295 1484 TermDD - ok
02:36:28.0357 1484 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
02:36:28.0404 1484 TermService - ok
02:36:28.0435 1484 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
02:36:28.0451 1484 Themes - ok
02:36:28.0466 1484 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
02:36:28.0513 1484 THREADORDER - ok
02:36:28.0529 1484 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
02:36:28.0560 1484 TrkWks - ok
02:36:28.0622 1484 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
02:36:28.0700 1484 TrustedInstaller - ok
02:36:28.0747 1484 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
02:36:28.0825 1484 tssecsrv - ok
02:36:28.0887 1484 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
02:36:28.0903 1484 TsUsbFlt - ok
02:36:28.0965 1484 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
02:36:29.0043 1484 tunnel - ok
02:36:29.0090 1484 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
02:36:29.0090 1484 uagp35 - ok
02:36:29.0137 1484 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
02:36:29.0215 1484 udfs - ok
02:36:29.0262 1484 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
02:36:29.0309 1484 UI0Detect - ok
02:36:29.0371 1484 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
02:36:29.0387 1484 uliagpkx - ok
02:36:29.0449 1484 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
02:36:29.0496 1484 umbus - ok
02:36:29.0543 1484 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
02:36:29.0589 1484 UmPass - ok
02:36:29.0636 1484 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
02:36:29.0683 1484 upnphost - ok
02:36:29.0730 1484 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
02:36:29.0745 1484 USBAAPL64 - ok
02:36:29.0777 1484 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
02:36:29.0792 1484 usbccgp - ok
02:36:29.0808 1484 USBCCID - ok
02:36:29.0855 1484 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
02:36:29.0870 1484 usbcir - ok
02:36:29.0917 1484 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
02:36:29.0933 1484 usbehci - ok
02:36:29.0964 1484 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
02:36:29.0995 1484 usbhub - ok
02:36:30.0026 1484 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
02:36:30.0057 1484 usbohci - ok
02:36:30.0104 1484 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
02:36:30.0151 1484 usbprint - ok
02:36:30.0198 1484 [ DF4D962EC7D1C1109B121239712C1299 ] usbsmi C:\windows\system32\DRIVERS\SMIksdrv.sys
02:36:30.0229 1484 usbsmi - ok
02:36:30.0276 1484 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
02:36:30.0354 1484 USBSTOR - ok
02:36:30.0385 1484 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
02:36:30.0432 1484 usbuhci - ok
02:36:30.0494 1484 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
02:36:30.0525 1484 usbvideo - ok
02:36:30.0541 1484 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
02:36:30.0603 1484 UxSms - ok
02:36:30.0619 1484 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
02:36:30.0635 1484 VaultSvc - ok
02:36:30.0681 1484 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
02:36:30.0713 1484 vdrvroot - ok
02:36:30.0744 1484 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
02:36:30.0822 1484 vds - ok
02:36:30.0869 1484 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
02:36:30.0884 1484 vga - ok
02:36:30.0900 1484 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
02:36:30.0962 1484 VgaSave - ok
02:36:30.0993 1484 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
02:36:31.0009 1484 vhdmp - ok
02:36:31.0040 1484 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
02:36:31.0056 1484 viaide - ok
02:36:31.0071 1484 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
02:36:31.0087 1484 volmgr - ok
02:36:31.0134 1484 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
02:36:31.0165 1484 volmgrx - ok
02:36:31.0181 1484 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
02:36:31.0196 1484 volsnap - ok
02:36:31.0227 1484 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
02:36:31.0243 1484 vsmraid - ok
02:36:31.0321 1484 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
02:36:31.0399 1484 VSS - ok
02:36:31.0430 1484 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
02:36:31.0446 1484 vwifibus - ok
02:36:31.0477 1484 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
02:36:31.0524 1484 vwififlt - ok
02:36:31.0555 1484 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
02:36:31.0586 1484 vwifimp - ok
02:36:31.0633 1484 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
02:36:31.0695 1484 W32Time - ok
02:36:31.0727 1484 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
02:36:31.0773 1484 WacomPen - ok
02:36:31.0836 1484 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
02:36:31.0914 1484 WANARP - ok
02:36:31.0929 1484 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
02:36:31.0961 1484 Wanarpv6 - ok
02:36:32.0039 1484 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
02:36:32.0085 1484 WatAdminSvc - ok
02:36:32.0163 1484 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
02:36:32.0226 1484 wbengine - ok
02:36:32.0273 1484 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
02:36:32.0304 1484 WbioSrvc - ok
02:36:32.0351 1484 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
02:36:32.0366 1484 wcncsvc - ok
02:36:32.0382 1484 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
02:36:32.0397 1484 WcsPlugInService - ok
02:36:32.0429 1484 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
02:36:32.0429 1484 Wd - ok
02:36:32.0491 1484 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
02:36:32.0507 1484 Wdf01000 - ok
02:36:32.0522 1484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
02:36:32.0600 1484 WdiServiceHost - ok
02:36:32.0616 1484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
02:36:32.0647 1484 WdiSystemHost - ok
02:36:32.0647 1484 wdmirror - ok
02:36:32.0694 1484 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
02:36:32.0725 1484 WebClient - ok
02:36:32.0772 1484 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
02:36:32.0819 1484 Wecsvc - ok
02:36:32.0850 1484 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
02:36:32.0881 1484 wercplsupport - ok
02:36:32.0912 1484 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
02:36:32.0975 1484 WerSvc - ok
02:36:33.0021 1484 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
02:36:33.0068 1484 WfpLwf - ok
02:36:33.0099 1484 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
02:36:33.0115 1484 WimFltr - ok
02:36:33.0131 1484 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
02:36:33.0146 1484 WIMMount - ok
02:36:33.0146 1484 WinDefend - ok
02:36:33.0162 1484 WinHttpAutoProxySvc - ok
02:36:33.0209 1484 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
02:36:33.0302 1484 Winmgmt - ok
02:36:33.0318 1484 WinRing0_1_2_0 - ok
02:36:33.0396 1484 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
02:36:33.0458 1484 WinRM - ok
02:36:33.0505 1484 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
02:36:33.0567 1484 Wlansvc - ok
02:36:33.0599 1484 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
02:36:33.0645 1484 WmiAcpi - ok
02:36:33.0677 1484 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
02:36:33.0723 1484 wmiApSrv - ok
02:36:33.0755 1484 WMPNetworkSvc - ok
02:36:33.0770 1484 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
02:36:33.0786 1484 WPCSvc - ok
02:36:33.0817 1484 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
02:36:33.0864 1484 WPDBusEnum - ok
02:36:33.0864 1484 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
02:36:33.0911 1484 ws2ifsl - ok
02:36:33.0926 1484 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
02:36:33.0973 1484 wscsvc - ok
02:36:33.0973 1484 WSearch - ok
02:36:34.0020 1484 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
02:36:34.0067 1484 wsvd - ok
02:36:34.0160 1484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
02:36:34.0223 1484 wuauserv - ok
02:36:34.0269 1484 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
02:36:34.0301 1484 WudfPf - ok
02:36:34.0347 1484 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
02:36:34.0379 1484 WUDFRd - ok
02:36:34.0425 1484 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
02:36:34.0457 1484 wudfsvc - ok
02:36:34.0488 1484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
02:36:34.0535 1484 WwanSvc - ok
02:36:34.0613 1484 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
02:36:34.0644 1484 xusb21 - ok
02:36:34.0675 1484 ================ Scan global ===============================
02:36:34.0706 1484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
02:36:34.0753 1484 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
02:36:34.0769 1484 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
02:36:34.0800 1484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
02:36:34.0831 1484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
02:36:34.0831 1484 [Global] - ok
02:36:34.0831 1484 ================ Scan MBR ==================================
02:36:34.0847 1484 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:36:35.0221 1484 \Device\Harddisk0\DR0 - ok
02:36:35.0221 1484 ================ Scan VBR ==================================
02:36:35.0221 1484 [ D616F3BAE803DB5FEC0C70E9ABA9D1F8 ] \Device\Harddisk0\DR0\Partition1
02:36:35.0237 1484 \Device\Harddisk0\DR0\Partition1 - ok
02:36:35.0268 1484 [ 950AC2CEB1AF732589206880AACF3F0B ] \Device\Harddisk0\DR0\Partition2
02:36:35.0268 1484 \Device\Harddisk0\DR0\Partition2 - ok
02:36:35.0299 1484 [ 433427DC3520BDF30D1419DBC861D52B ] \Device\Harddisk0\DR0\Partition3
02:36:35.0299 1484 \Device\Harddisk0\DR0\Partition3 - ok
02:36:35.0299 1484 ============================================================
02:36:35.0299 1484 Scan finished
02:36:35.0299 1484 ============================================================
02:36:35.0393 1464 Detected object count: 1
02:36:35.0393 1464 Actual detected object count: 1
02:36:52.0677 1464 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
02:36:52.0677 1464 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:36:56.0421 2992 Deinitialize success
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
aswMBR and Combofix both seem fairly clean. I've got to get to bed now. It's after midnight here. Will look at the other logs tomorrow. Before you go to bed tonight, set up Avast to do a boot-time scan:


Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It will take hours which is why I suggeswt you run it while you sleep. Mute the speakers before you start the scan so it doesn't wake you up when it loads windows.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version of the report is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt Please copy and paste it if it found anything.

I'm thinking that the zoomex stuff was probably the bad guy. We removed most of it in the uninstall and first OTL fix so hopefully things have improved.
  • 0

Advertisements


#11
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Malwarebytes Log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.08.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

2/8/2013 2:53:37 AM
mbam-log-2013-02-08 (02-53-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213608
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thanks again Ron. I work overnights, so I'll plug away at this for a while longer. I know this is on your free time, so no hurries. Get some sleep!
  • 0

#13
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
No log for sfc /scannow. It reported no problems with integrity.

VEW System log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/02/2013 3:23:46 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/02/2013 9:18:09 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_112&REV_1.00#00142225A589C0A155150961&0#.

Log: 'System' Date/Time: 08/02/2013 9:17:41 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60a
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 08/02/2013 9:17:08 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0

#14
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
VEW Application Log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/02/2013 3:25:19 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/02/2013 9:17:49 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 08/02/2013 9:17:08 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 08/02/2013 9:17:07 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
  • 0

#15
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL log:

OTL logfile created on: 2/8/2013 3:31:23 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 76.78% Memory free
7.87 Gb Paging File | 6.90 Gb Available in Paging File | 87.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 187.69 Gb Total Space | 85.66 Gb Free Space | 45.64% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.53 Gb Free Space | 82.02% Space Free | Partition Type: FAT

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/07 20:44:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2008/01/11 11:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/30 17:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/06 17:59:24 | 000,117,568 | ---- | M] (Broadcom Corp.) [Disabled | Stopped] -- C:\Program Files\Broadcom\BACS\BPowMon.exe -- (BPowMon)
SRV - [2010/12/04 13:00:44 | 000,042,312 | ---- | M] (White Sky, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ID Vault\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/23 04:23:32 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/11 11:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 17:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/21 03:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/12 19:11:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/09/20 09:09:22 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\gidv2.sys -- (GIDv2)
DRV:64bit: - [2010/06/17 01:51:34 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2010/05/07 08:58:08 | 000,058,896 | ---- | M] () [Kernel | System | Running] -- C:\windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2009/10/16 12:37:34 | 000,197,376 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009/09/14 11:40:28 | 000,259,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/21 08:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 17:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/06 17:59:20 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV:64bit: - [2009/07/02 19:42:08 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/14 20:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/30 19:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 07:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/08/06 06:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/01/12 09:23:08 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
DRV - [2000/09/19 18:55:00 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{ED145575-455A-4DCD-8657-93E3D5E4BD8C}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Privitize VPN (Enabled)
CHR - default_search_provider: search_url = http://searchab.com/...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Vid-Saver = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.65_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.65_0\

O1 HOSTS File: ([2013/02/08 01:35:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D09DF77-2863-4319-B587-ABEEC89DEAF3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ID Vault.lnk - C:\Program Files (x86)\ID Vault\IDVault.exe - (White Sky, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: avast - hkey= - key= - C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Energy Management - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
MsConfig:64bit - StartUpReg: EnergyUtility - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
MsConfig:64bit - StartUpReg: GIDDesktop - hkey= - key= - C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IdeaNotesUser - hkey= - key= - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SmartAudio - hkey= - key= - C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: VeriFaceManager - hkey= - key= - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-1Reg - GuardedID
ActiveX: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-2Help - GuardedID
ActiveX: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - xvidvfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/08 02:45:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/08 02:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/08 02:40:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/02/08 02:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/08 02:39:14 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/08 02:32:25 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013/02/08 01:38:07 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/02/08 01:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/02/08 01:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/02/08 01:28:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/02/08 01:27:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/08 01:27:37 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/02/08 01:24:39 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/02/08 00:26:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/02/08 00:21:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/08 00:08:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/02/08 00:03:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Lenovo
[2013/02/07 20:49:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/07 06:47:03 | 002,769,400 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\BCMWL664.SYS
[2013/02/07 06:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Broadcom Wireless
[2013/02/07 06:46:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\InstallShield
[2013/02/07 05:12:08 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/02/07 04:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
[2013/02/07 04:22:34 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2013/02/07 04:03:18 | 000,000,000 | ---D | C] -- C:\Drivers
[2013/02/07 02:12:20 | 000,370,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/02/07 02:12:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/02/07 02:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/02/07 02:12:12 | 000,132,864 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFW.sys
[2013/02/07 02:11:38 | 000,262,656 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdis2.sys
[2013/02/07 02:11:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/02/07 02:11:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/02/07 02:11:36 | 000,021,136 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys
[2013/02/07 02:11:35 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/02/07 02:11:28 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/02/07 02:11:27 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/02/07 02:10:54 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\windows\SysNative\drivers\aswNdis.sys
[2013/02/07 02:10:28 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/02/07 02:10:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2013/02/07 02:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/07 02:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/22 17:59:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/01/22 17:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/22 17:58:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/01/22 17:58:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Updater3491
[2013/01/22 01:10:50 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2013/01/22 01:10:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2013/01/22 00:58:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/01/22 00:58:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/01/22 00:58:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/01/22 00:58:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/01/22 00:58:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/01/22 00:58:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/01/22 00:58:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/01/22 00:58:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/01/22 00:58:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/01/22 00:58:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/01/22 00:58:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/01/22 00:58:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/01/22 00:58:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/01/22 00:58:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/01/22 00:58:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/01/22 00:57:10 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2013/01/22 00:57:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2013/01/22 00:57:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/01/22 00:57:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2013/01/22 00:56:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2013/01/22 00:56:40 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2013/01/22 00:56:40 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2013/01/22 00:56:40 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2013/01/21 21:53:42 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/21 21:53:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/21 21:52:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/21 21:52:48 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/21 21:52:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/21 21:52:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/21 21:52:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/21 21:52:39 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/21 21:52:39 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/21 21:52:39 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/21 21:52:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/21 21:52:39 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/21 21:52:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/21 21:52:39 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/21 21:52:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/21 21:52:39 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/21 21:52:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/21 21:52:39 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/21 21:52:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/21 21:52:39 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/21 21:52:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/21 21:52:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/21 21:52:39 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/21 21:52:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/21 21:52:38 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/21 21:52:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/21 21:52:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/21 21:52:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/21 21:52:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/21 21:52:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/21 21:52:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/21 21:52:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/21 21:52:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/21 21:50:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/21 21:50:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/21 21:50:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/21 21:50:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/21 21:50:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/21 21:50:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/21 21:50:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/21 21:50:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/21 21:50:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/21 21:50:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/21 21:50:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/21 21:50:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/21 21:50:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/21 21:50:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/21 21:50:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/21 21:50:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/21 21:50:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/21 21:50:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/21 21:50:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/21 21:50:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/21 21:50:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/21 21:50:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/21 21:44:55 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2010/11/12 19:11:16 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/02/08 03:33:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/08 03:25:16 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 03:25:16 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 03:22:14 | 000,792,128 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/08 03:22:14 | 000,671,120 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/08 03:22:14 | 000,124,278 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/08 03:22:13 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496846423-2674535317-2042609940-1004UA.job
[2013/02/08 03:18:11 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2013/02/08 03:17:35 | 3168,219,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/08 02:40:18 | 000,001,137 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/08 01:35:41 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/02/08 00:32:48 | 000,061,440 | ---- | M] ( ) -- C:\Users\user\Desktop\VEW.exe
[2013/02/08 00:31:12 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/08 00:29:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013/02/08 00:16:10 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/02/08 00:14:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/02/07 20:44:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/07 06:47:20 | 000,675,958 | ---- | M] () -- C:\windows\SysNative\oem6.inf
[2013/02/07 02:12:20 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/07 02:11:28 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/02/03 17:22:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2496846423-2674535317-2042609940-1004Core.job
[2013/01/22 17:10:58 | 000,438,520 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/21 21:33:49 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013/01/15 21:42:32 | 000,125,178 | ---- | M] () -- C:\Users\user\Documents\Publication1.jpg

========== Files Created - No Company Name ==========

[2013/02/08 03:19:02 | 000,061,440 | ---- | C] ( ) -- C:\Users\user\Desktop\VEW.exe
[2013/02/08 02:40:18 | 000,001,137 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/08 01:28:04 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/02/08 01:28:04 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/02/08 01:28:04 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/02/08 01:28:04 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/02/08 01:28:04 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/02/07 02:12:20 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/07 02:11:28 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/01/22 01:10:53 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/22 00:56:40 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/15 21:42:31 | 000,125,178 | ---- | C] () -- C:\Users\user\Documents\Publication1.jpg
[2012/11/23 23:34:08 | 000,000,254 | ---- | C] () -- C:\windows\RomeTW.ini
[2010/11/12 19:11:16 | 000,007,859 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2010/11/12 19:11:16 | 000,001,167 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9250315AS
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Kingston DataTraveler 112 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 200.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 188.00GB
Starting Offset: 210763776
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 30.00GB
Starting Offset: 201739042816
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 234216587264
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/08/08 04:02:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2012/04/21 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer
[2012/10/04 21:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2011/02/16 02:22:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVS4YOU
[2010/08/01 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CyberLink
[2011/07/02 22:03:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2010/08/01 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EasyCapture
[2011/03/23 23:41:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ID Vault
[2010/07/07 00:55:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2013/02/07 06:46:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InstallShield
[2013/02/08 00:03:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lenovo
[2010/07/07 01:17:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2013/01/22 17:59:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2009/07/29 01:23:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2013/01/22 17:51:36 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2011/03/18 23:35:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oberon Media
[2011/04/06 02:22:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rovio
[2011/07/09 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\runic games
[2010/07/06 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\supportdotcom
[2011/02/09 13:58:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\U3
[2010/11/12 19:11:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vso
[2010/08/10 23:46:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 19:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
[2009/07/13 19:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/01/12 16:33:27 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/01/12 16:33:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/01/12 16:33:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/01/12 16:33:27 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 19:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 07:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/20 07:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\windows\SysNative\mswsock.dll
[2010/11/20 07:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 19:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 19:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 19:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 19:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\windows\SysNative\NapiNSP.dll
[2009/07/13 19:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 19:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 01:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 01:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 06:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 10:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 07:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 11:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\windows\SysNative\nlaapi.dll
[2012/10/03 11:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 19:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 11:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 19:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 19:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 19:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\windows\SysNative\pnrpnsp.dll
[2009/07/13 19:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 19:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\windows\SysNative\PrintIsolationHost.exe
[2009/07/13 19:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 19:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\windows\SysNative\winrnr.dll
[2009/07/13 19:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 19:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 19:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 19:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/13 19:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/23 03:21:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/23 03:21:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/23 03:21:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/23 03:21:33 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/23 03:21:33 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/23 03:21:33 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2011/02/11 11:18:33 | 000,035,734 | ---- | M] ()(C:\Users\user\Documents\Fl?veni Character Sketch.docx) -- C:\Users\user\Documents\Flάveni Character Sketch.docx
[2011/02/10 20:36:31 | 000,035,734 | ---- | C] ()(C:\Users\user\Documents\Fl?veni Character Sketch.docx) -- C:\Users\user\Documents\Flάveni Character Sketch.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EBE00DD2

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP