Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mouse is slow when internet is used [Solved]

Started by Marcusmmc23 , Mar 14 2013 12:07 PM

  • This topic is locked This topic is locked

#1
Marcusmmc23
Posted 14 March 2013 - 12:07 PM

Marcusmmc23

    Member

  • Member
  • PipPip
  • 57 posts
I've been posting in the Windows 7 forum here but it was suggested that I come here for a bit more help trying to locate a problem.

I've searched the forum for others who have seemingly the same problems as me. I was not really able to find anything that would help me out so from what I've read, I'll provide you this information.

I am using a W7 Ultimate 64 bit install on a custom built machine. EVGA Z68 SLI motherboard with an Intel i7 2700K and 16 GB of RAM. I'm not overclocking and don't have any heat issues being reported on the system including my GPU.

My problem is baffling me. If I were to steam a movie on my system, my perfomance seems to drop significantly. My mouse will jump all over the screen if I try to close a window. Strangly enough, if my kids stream a movie on my wife's laptop, my mouse performance drops as if the movie were streaming on my computer. The issue only seems to be affecting my mouse.

I've done speedtests on my PC while streaming a movie on my wife's laptop and I am getting good results. I don't know where to begin.

I understand you pros are all volunteers and I certainly appreciate all the help you provide. I look forward to hearing from you to figure out this strange issue.

Marcus
  • 0

Advertisements

#2
Marcusmmc23
Posted 14 March 2013 - 12:09 PM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I did not read the instructions about the Malware and Spyware cleaning guide. I will do them and report back.

OTL logfile created on: 3/14/2013 12:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.13 Gb Available Physical Memory | 82.18% Memory free
31.96 Gb Paging File | 29.13 Gb Available in Paging File | 91.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.64 Gb Total Space | 258.41 Gb Free Space | 36.99% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 145.82 Gb Free Space | 15.65% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 94.86 Gb Free Space | 40.74% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 70.95 Gb Free Space | 30.47% Space Free | Partition Type: NTFS

Computer Name: MARCUS-CUSTOM | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/14 12:09:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Downloads\OTL.exe
PRC - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/02/21 04:35:28 | 000,607,048 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
PRC - [2013/02/18 19:39:46 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/02/18 19:39:46 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/04/19 21:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/18 15:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/21 04:35:28 | 000,607,048 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2013/02/18 19:39:47 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/18 19:39:46 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/02/08 10:35:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2013/02/08 10:35:46 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2013/02/08 10:35:32 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2013/02/08 10:35:24 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2013/02/08 10:35:18 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/01 00:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll
MOD - [2010/07/07 12:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/03/06 10:46:06 | 000,069,632 | ---- | M] (Just Flight Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe -- (Just Flight Limited License Service)
SRV - [2013/02/27 14:57:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/18 19:39:46 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 04:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/28 15:38:59 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/26 15:44:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/17 19:39:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/06/17 19:36:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/18 19:39:47 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/26 19:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/23 10:46:45 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/07/17 18:48:59 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/07/09 23:09:10 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/18 21:57:38 | 000,126,912 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/19 18:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/12/11 19:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 19:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/23 03:11:28 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/08/10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/02/03 12:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/12 05:19:32 | 000,095,744 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 18:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 18:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 17:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/02/15 17:50:02 | 000,178,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH0763.sys -- (SaiH0763)
DRV:64bit: - [2007/09/14 08:47:06 | 000,176,128 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH0BAC.sys -- (SaiH0BAC)
DRV - [2013/02/21 04:35:26 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2011/04/19 21:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 C9 9F 98 C0 3F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-01 20:46:04&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: qmatcginyn%40qmatcginyn.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/03/06 10:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 19:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 14:57:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/08 22:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions
[2012/11/14 11:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\extensions
[1624/03/04 05:47:50 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\extensions\[email protected]
[2013/02/27 14:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/27 14:57:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/18 19:40:01 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/02/06 11:42:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 14:57:55 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/04/30 15:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://jeffco.us/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{000C7415-417B-4D4E-AC90-02E1B16B3349}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BF91E8A-0620-4700-98C9-4B8184FAA31D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{750142CB-77F2-410C-A2A6-1F457B8EE88F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6033A31-EE9F-46B0-9435-B51BF129FC13}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Installer_Windows.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Installer_Windows.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Installer_Windows.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/13 03:28:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/03/13 03:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/03/12 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\Flash Cards
[2013/03/06 11:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
[2013/03/06 11:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Just Flight Limited
[2013/03/06 10:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/06 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Just Flight Limited Shared
[2013/03/03 18:51:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\TechSmith
[2013/03/03 18:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/03/01 12:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MILVIZ
[2013/03/01 10:55:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilViz - Northrop T-38 Talon
[2013/02/27 14:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/25 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\Football Helmets
[2013/02/23 21:09:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\OverlayEditor
[2013/02/23 21:09:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\marginal.org
[2013/02/23 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverlayEditor
[2013/02/23 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2013/02/21 15:21:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/21 15:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/21 15:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/18 12:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/17 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\The Movies
[2013/02/17 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Lionhead Studios
[2013/02/17 15:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Movies
[2013/02/17 15:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios
[2013/02/15 16:07:41 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2013/02/15 16:07:41 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2013/02/15 16:07:41 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2013/02/14 17:08:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logs
[2013/02/14 16:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PilotEdge
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/14 11:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/14 11:52:03 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/14 11:52:03 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/14 11:50:29 | 017,455,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/14 11:50:29 | 000,746,118 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/03/14 11:50:29 | 000,745,962 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/03/14 11:50:29 | 000,743,832 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/03/14 11:50:29 | 000,740,656 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013/03/14 11:50:29 | 000,740,654 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/03/14 11:50:29 | 000,729,654 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013/03/14 11:50:29 | 000,725,186 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013/03/14 11:50:29 | 000,714,442 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/03/14 11:50:29 | 000,697,402 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/14 11:50:29 | 000,684,140 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013/03/14 11:50:29 | 000,669,158 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013/03/14 11:50:29 | 000,664,402 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013/03/14 11:50:29 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/14 11:50:29 | 000,657,416 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/03/14 11:50:29 | 000,607,338 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/03/14 11:50:29 | 000,509,960 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013/03/14 11:50:29 | 000,495,236 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013/03/14 11:50:29 | 000,482,100 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013/03/14 11:50:29 | 000,479,880 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013/03/14 11:50:29 | 000,430,038 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013/03/14 11:50:29 | 000,418,444 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/03/14 11:50:29 | 000,402,870 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013/03/14 11:50:29 | 000,393,446 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013/03/14 11:50:29 | 000,385,768 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013/03/14 11:50:29 | 000,170,668 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013/03/14 11:50:29 | 000,158,008 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/03/14 11:50:29 | 000,155,284 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013/03/14 11:50:29 | 000,152,600 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/03/14 11:50:29 | 000,152,572 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013/03/14 11:50:29 | 000,150,164 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013/03/14 11:50:29 | 000,148,976 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/03/14 11:50:29 | 000,148,466 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/14 11:50:29 | 000,147,164 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/03/14 11:50:29 | 000,146,472 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/03/14 11:50:29 | 000,142,158 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013/03/14 11:50:29 | 000,140,780 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013/03/14 11:50:29 | 000,139,562 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/03/14 11:50:29 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/03/14 11:50:29 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/14 11:50:29 | 000,120,166 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013/03/14 11:50:29 | 000,119,738 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013/03/14 11:50:29 | 000,114,824 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013/03/14 11:50:29 | 000,110,676 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/03/14 11:50:29 | 000,100,816 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013/03/14 11:50:29 | 000,098,156 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013/03/14 11:50:29 | 000,094,966 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013/03/14 11:50:29 | 000,094,474 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013/03/14 11:50:29 | 000,084,584 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013/03/14 11:44:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/14 11:44:39 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/14 11:44:21 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/03/14 11:44:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/14 11:44:09 | 4281,307,134 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/14 11:43:08 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/14 11:43:08 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/14 11:43:08 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/14 08:58:49 | 113,274,633 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/03/12 22:04:40 | 000,000,077 | ---- | M] () -- C:\Windows\ACSim.ini
[2013/03/12 19:27:11 | 000,000,132 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/03/12 16:21:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/03/12 16:21:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/03/11 18:42:22 | 000,770,104 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/03/11 16:52:52 | 000,133,920 | ---- | M] () -- C:\Users\Marcus\Desktop\ZLA Cheat Sheet.pdf
[2013/03/10 22:40:26 | 000,000,073 | ---- | M] () -- C:\Users\Marcus\AppData\Local\X-Plane_drm.prf
[2013/03/08 16:33:55 | 000,001,092 | ---- | M] () -- C:\Users\Marcus\Desktop\EVGA Precision X.lnk
[2013/03/06 11:10:03 | 000,000,575 | ---- | M] () -- C:\Users\Public\Desktop\AirHauler.lnk
[2013/03/03 21:48:59 | 000,000,080 | ---- | M] () -- C:\Users\Marcus\AppData\Local\X-Plane Installer.prf
[2013/03/02 21:06:44 | 000,007,168 | ---- | M] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/27 21:23:31 | 000,000,270 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\OpenSceneryX Installer.plist
[2013/02/27 15:22:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/02/26 01:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/21 15:21:52 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/18 19:39:47 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/15 16:55:22 | 004,994,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 21:53:29 | 000,001,351 | ---- | M] () -- C:\Users\Marcus\Desktop\Sector Datastore 2.0 - Shortcut.lnk
[2013/02/13 21:50:36 | 000,000,132 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Adobe GIF Format CS5 Prefs
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/11 16:52:51 | 000,133,920 | ---- | C] () -- C:\Users\Marcus\Desktop\ZLA Cheat Sheet.pdf
[2013/03/06 11:10:03 | 000,000,575 | ---- | C] () -- C:\Users\Public\Desktop\AirHauler.lnk
[2013/03/01 10:57:08 | 000,272,896 | ---- | C] () -- C:\Windows\mvalkdj.dll
[2013/02/27 21:23:31 | 000,000,270 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\OpenSceneryX Installer.plist
[2013/02/23 21:08:50 | 000,001,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverlayEditor.lnk
[2013/02/15 16:07:41 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/13 21:53:29 | 000,001,351 | ---- | C] () -- C:\Users\Marcus\Desktop\Sector Datastore 2.0 - Shortcut.lnk
[2013/02/13 21:50:36 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/01/24 23:01:35 | 000,026,900 | ---- | C] () -- C:\Users\Marcus\AppData\Local\dt.dat
[2012/10/27 16:42:58 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/26 11:13:53 | 000,905,031 | ---- | C] () -- C:\Users\Marcus\AppData\Local\census.cache
[2012/10/26 11:13:44 | 000,145,930 | ---- | C] () -- C:\Users\Marcus\AppData\Local\ars.cache
[2012/10/26 11:01:21 | 000,000,036 | ---- | C] () -- C:\Users\Marcus\AppData\Local\housecall.guid.cache
[2012/10/25 05:07:35 | 000,000,176 | ---- | C] () -- C:\ProgramData\qfetncklmbgfgjv
[2012/10/19 21:31:27 | 000,000,116 | ---- | C] () -- C:\Users\Marcus\Adobe Encore_AME.pref
[2012/10/19 17:00:53 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/10/18 17:24:29 | 000,036,864 | ---- | C] () -- C:\Windows\unslive.exe
[2012/10/02 20:21:17 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/09/29 17:15:28 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/09/18 13:22:38 | 000,007,605 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2012/08/31 15:43:06 | 000,196,828 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/13 12:58:54 | 000,000,899 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\XAddonManager.plist
[2012/07/02 12:09:26 | 000,000,073 | ---- | C] () -- C:\Users\Marcus\AppData\Local\X-Plane_drm.prf
[2012/07/02 12:08:34 | 000,000,080 | ---- | C] () -- C:\Users\Marcus\AppData\Local\X-Plane Installer.prf
[2012/06/17 19:32:27 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/06/17 19:32:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/06/16 19:23:38 | 000,007,168 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 08:35:04 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/13 14:56:27 | 000,000,077 | ---- | C] () -- C:\Windows\ACSim.ini
[2012/06/02 15:23:30 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012/06/01 21:49:44 | 017,292,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/23 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Acronis
[2012/09/17 15:59:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ASE
[2012/06/01 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AVG2012
[2013/01/25 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Celemony Software GmbH
[2012/10/19 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/19 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/09 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FileZilla
[2012/07/28 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Flight1
[2012/06/25 13:56:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HiFi
[2012/08/09 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ieSpell
[2013/02/17 15:42:25 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Lionhead Studios
[2013/02/23 21:09:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\marginal.org
[2012/10/26 10:23:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\MonkeyJam
[2012/10/19 17:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PACE Anti-Piracy
[2012/06/02 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PolyView
[2012/06/01 23:23:00 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Publish Providers
[2012/10/04 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\QualityWings
[2012/10/26 10:23:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Research In Motion
[2012/06/17 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Smart Recorder
[2012/12/18 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sony
[2012/10/19 17:02:15 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/23 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2013/03/13 09:08:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client
[2013/02/05 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TuneUp Software
[2013/03/13 17:36:46 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
[2012/09/07 13:48:46 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\VAT-Spy

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1095 bytes -> C:\ProgramData\Microsoft:aVKadyq3fOmtrlmWLJ9OD
@Alternate Data Stream - 1063 bytes -> C:\Users\Marcus\AppData\Local\u5my1SgthXdM:hbx9fdRTxgI2EumHbfbwkHs

< End of report >

Edited by Marcusmmc23, 14 March 2013 - 12:55 PM.

  • 0

#3
godawgs
Posted 17 March 2013 - 12:51 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Marcus, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from (C:\Users\Marcus\Downloads). Please post the contents of that file.

I noticed that you installed the Microsoft Mouse and Keyboard Center on your system on March 3rd as evidenced by this line in the OTL log:

[2013/03/03 18:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

This was before you posted your problem in the Windows 7 forum. Is that about when the problem started? My research indicates that although this program will work on Windows 7 is was primarily designed for Windows 8. See the Microsoft articehere for trouble shooting.

Also see the articles here and here for a list of unsupported devices.

I see a couple of things on the system that we will address and I want some files scanned.
The UAC (User Account Control) has been turned off. Did you do this on purpose?


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
FF - prefs.js..extensions.enabledAddons: qmatcginyn%40qmatcginyn.org:2.5
[1624/03/04 05:47:50 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\extensions\[email protected]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Installer_Windows.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Installer_Windows.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Installer_Windows.exe
[2013/03/14 11:44:39 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/14 11:44:21 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/10/25 05:07:35 | 000,000,176 | ---- | C] () -- C:\ProgramData\qfetncklmbgfgjv
@Alternate Data Stream - 1095 bytes -> C:\ProgramData\Microsoft:aVKadyq3fOmtrlmWLJ9OD
@Alternate Data Stream - 1063 bytes -> C:\Users\Marcus\AppData\Local\u5my1SgthXdM:hbx9fdRTxgI2EumHbfbwkHs

FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Now let's get a fresh OTL scan including all users.

Step-2.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.*
/md5stop


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-4.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\Windows\SysWow64\APOMngr.DLL
    C:\Windows\SysWow64\CmdRtr.DLL
    C:\Windows\SysWow64\wpcap.dll
    C:\Windows\SysWow64\Packet.dll
    C:\Windows\SysNative\drivers\npf.sys
    C:\Windows\mvalkdj.dll
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question about the UAC
2. The OTL fixes log
3. The new OTL.txt log
4. The Extras.txt log
5. The links to the VirusTotal results
  • 0

#4
Marcusmmc23
Posted 18 March 2013 - 12:18 PM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
STEP 1:
I installed the Microsoft Mouse software to see if the problem was mouse software software related. It didn't fix anything and I eventually made it here.
I turned off UAC on purpose as it affects a program I use daily. So, yes it is off on my account and would like to continue leaving it off if possible.

STEP 2:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: qmatcginyn%40qmatcginyn.org:2.5 removed from extensions.enabledAddons
C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\extensions\[email protected] moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Installer_Windows.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\Installer_Windows.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\Installer_Windows.exe not found.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job moved successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\ProgramData\qfetncklmbgfgjv moved successfully.
ADS C:\ProgramData\Microsoft:aVKadyq3fOmtrlmWLJ9OD deleted successfully.
ADS C:\Users\Marcus\AppData\Local\u5my1SgthXdM:hbx9fdRTxgI2EumHbfbwkHs deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marcus
->Temp folder emptied: 45548646 bytes
->Temporary Internet Files folder emptied: 400287853 bytes
->Java cache emptied: 3064483 bytes
->FireFox cache emptied: 395426657 bytes
->Flash cache emptied: 60186 bytes

User: Public

User: UpdatusUser

User: UpdatusUser.Marcus-Custom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2177704 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 584065 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 6769553 bytes

Total Files Cleaned = 815.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03182013_101444

Files\Folders moved on Reboot...
C:\Users\Marcus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marcus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKWOWW3E\page__pid__2274109[1].htm moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

STEP 3:
OTL logfile created on: 3/18/2013 10:47:20 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.38 Gb Available Physical Memory | 83.70% Memory free
31.96 Gb Paging File | 29.35 Gb Available in Paging File | 91.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.64 Gb Total Space | 258.14 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 146.15 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 94.86 Gb Free Space | 40.74% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 70.95 Gb Free Space | 30.47% Space Free | Partition Type: NTFS

Computer Name: MARCUS-CUSTOM | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/14 12:09:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/02/21 04:35:28 | 000,607,048 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
PRC - [2013/02/18 19:39:46 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/02/18 19:39:46 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/04/19 21:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/18 15:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/21 04:35:28 | 000,607,048 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2013/02/18 19:39:47 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/18 19:39:46 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/02/08 10:35:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2013/02/08 10:35:46 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2013/02/08 10:35:32 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2013/02/08 10:35:24 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2013/02/08 10:35:18 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/01 00:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll
MOD - [2010/07/07 12:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/03/06 10:46:06 | 000,069,632 | ---- | M] (Just Flight Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe -- (Just Flight Limited License Service)
SRV - [2013/02/27 14:57:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/18 19:39:46 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 04:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/28 15:38:59 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/26 15:44:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/17 19:39:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/06/17 19:36:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/18 19:39:47 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/26 19:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/23 10:46:45 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/07/17 18:48:59 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/07/09 23:09:10 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/18 21:57:38 | 000,126,912 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/19 18:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/12/11 19:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 19:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/23 03:11:28 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/08/10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/02/03 12:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/12 05:19:32 | 000,095,744 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 18:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 18:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 17:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/02/15 17:50:02 | 000,178,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH0763.sys -- (SaiH0763)
DRV:64bit: - [2007/09/14 08:47:06 | 000,176,128 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH0BAC.sys -- (SaiH0BAC)
DRV - [2013/02/21 04:35:26 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2011/04/19 21:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 C9 9F 98 C0 3F CD 01 [binary data]
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-01 20:46:04&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/03/06 10:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 19:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 14:57:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/08 22:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions
[2013/03/18 10:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\extensions
[2013/02/27 14:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\17S8W51E.DEFAULT\EXTENSIONS\[email protected]
[2013/02/27 14:57:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/18 19:40:01 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/02/06 11:42:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 14:57:55 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/04/30 15:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2454372500-3351072776-1793313849-1006..\Run: [ROC_JAN2013_TB] C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe ()
O4 - HKU\S-1-5-21-2454372500-3351072776-1793313849-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2454372500-3351072776-1793313849-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2454372500-3351072776-1793313849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://jeffco.us/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{000C7415-417B-4D4E-AC90-02E1B16B3349}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BF91E8A-0620-4700-98C9-4B8184FAA31D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{750142CB-77F2-410C-A2A6-1F457B8EE88F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6033A31-EE9F-46B0-9435-B51BF129FC13}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 10:14:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/14 12:09:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013/03/13 03:28:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/03/13 03:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/03/12 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\Flash Cards
[2013/03/06 11:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
[2013/03/06 11:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Just Flight Limited
[2013/03/06 10:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/06 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Just Flight Limited Shared
[2013/03/03 18:51:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\TechSmith
[2013/03/03 18:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/03/03 17:01:02 | 002,558,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013/03/01 12:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MILVIZ
[2013/03/01 10:55:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilViz - Northrop T-38 Talon
[2013/02/27 14:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/26 01:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/26 01:32:42 | 015,129,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/02/26 01:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/26 01:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/26 01:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/26 01:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/26 01:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/26 01:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/26 01:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/26 01:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/26 01:32:08 | 012,641,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/26 01:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/26 01:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/26 01:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/25 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\Football Helmets
[2013/02/23 21:09:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\OverlayEditor
[2013/02/23 21:09:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\marginal.org
[2013/02/23 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverlayEditor
[2013/02/23 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2013/02/21 15:21:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/21 15:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/21 15:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/18 12:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/18 12:28:41 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/18 12:28:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/18 12:28:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/18 12:28:33 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/02/17 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\The Movies
[2013/02/17 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Lionhead Studios
[2013/02/17 15:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Movies
[2013/02/17 15:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios

========== Files - Modified Within 30 Days ==========

[2013/03/18 10:42:27 | 113,789,323 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/03/18 10:30:53 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 10:30:53 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 10:29:10 | 017,455,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/18 10:29:10 | 000,746,118 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/03/18 10:29:10 | 000,745,962 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/03/18 10:29:10 | 000,743,832 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/03/18 10:29:10 | 000,740,656 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013/03/18 10:29:10 | 000,740,654 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/03/18 10:29:10 | 000,729,654 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013/03/18 10:29:10 | 000,725,186 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013/03/18 10:29:10 | 000,714,442 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/03/18 10:29:10 | 000,697,402 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/18 10:29:10 | 000,684,140 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013/03/18 10:29:10 | 000,669,158 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013/03/18 10:29:10 | 000,664,402 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013/03/18 10:29:10 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/18 10:29:10 | 000,657,416 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/03/18 10:29:10 | 000,607,338 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/03/18 10:29:10 | 000,509,960 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013/03/18 10:29:10 | 000,495,236 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013/03/18 10:29:10 | 000,482,100 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013/03/18 10:29:10 | 000,479,880 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013/03/18 10:29:10 | 000,430,038 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013/03/18 10:29:10 | 000,418,444 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/03/18 10:29:10 | 000,402,870 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013/03/18 10:29:10 | 000,393,446 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013/03/18 10:29:10 | 000,385,768 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013/03/18 10:29:10 | 000,170,668 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013/03/18 10:29:10 | 000,158,008 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/03/18 10:29:10 | 000,155,284 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013/03/18 10:29:10 | 000,152,600 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/03/18 10:29:10 | 000,152,572 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013/03/18 10:29:10 | 000,150,164 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013/03/18 10:29:10 | 000,148,976 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/03/18 10:29:10 | 000,148,466 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/18 10:29:10 | 000,147,164 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/03/18 10:29:10 | 000,146,472 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/03/18 10:29:10 | 000,142,158 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013/03/18 10:29:10 | 000,140,780 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013/03/18 10:29:10 | 000,139,562 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/03/18 10:29:10 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/03/18 10:29:10 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/18 10:29:10 | 000,120,166 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013/03/18 10:29:10 | 000,119,738 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013/03/18 10:29:10 | 000,114,824 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013/03/18 10:29:10 | 000,110,676 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/03/18 10:29:10 | 000,100,816 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013/03/18 10:29:10 | 000,098,156 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013/03/18 10:29:10 | 000,094,966 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013/03/18 10:29:10 | 000,094,474 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013/03/18 10:29:10 | 000,084,584 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013/03/18 10:23:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/18 10:22:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/18 10:22:48 | 4281,307,134 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 10:21:54 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/18 10:21:54 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/18 10:21:54 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/18 09:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 09:06:46 | 000,245,226 | ---- | M] () -- C:\Users\Marcus\Documents\PVH-U DCE.pdf
[2013/03/17 15:41:56 | 000,000,073 | ---- | M] () -- C:\Users\Marcus\AppData\Local\X-Plane_drm.prf
[2013/03/17 13:43:47 | 000,007,597 | ---- | M] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2013/03/16 10:42:49 | 000,771,808 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/03/14 12:09:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2013/03/12 22:04:40 | 000,000,077 | ---- | M] () -- C:\Windows\ACSim.ini
[2013/03/12 19:27:11 | 000,000,132 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/03/12 16:21:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/03/12 16:21:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/03/11 16:52:52 | 000,133,920 | ---- | M] () -- C:\Users\Marcus\Desktop\ZLA Cheat Sheet.pdf
[2013/03/08 16:33:55 | 000,001,092 | ---- | M] () -- C:\Users\Marcus\Desktop\EVGA Precision X.lnk
[2013/03/06 11:10:03 | 000,000,575 | ---- | M] () -- C:\Users\Public\Desktop\AirHauler.lnk
[2013/03/03 21:48:59 | 000,000,080 | ---- | M] () -- C:\Users\Marcus\AppData\Local\X-Plane Installer.prf
[2013/03/02 21:06:44 | 000,007,168 | ---- | M] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/27 21:23:31 | 000,000,270 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\OpenSceneryX Installer.plist
[2013/02/27 15:22:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/02/26 01:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/26 01:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/02/26 01:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/02/26 01:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/26 01:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/02/26 01:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/02/26 01:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013/02/26 01:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/26 01:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/26 01:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/26 01:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/26 01:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013/02/26 01:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/26 01:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/26 01:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/02/26 01:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/26 01:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/26 01:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/26 01:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/26 01:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/26 01:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/21 15:21:52 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/18 19:39:47 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/18 12:28:30 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/18 12:28:30 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/02/18 12:28:30 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/02/18 12:28:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/02/18 12:28:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/02/18 12:28:30 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files Created - No Company Name ==========

[2013/03/18 09:06:46 | 000,245,226 | ---- | C] () -- C:\Users\Marcus\Documents\PVH-U DCE.pdf
[2013/03/11 16:52:51 | 000,133,920 | ---- | C] () -- C:\Users\Marcus\Desktop\ZLA Cheat Sheet.pdf
[2013/03/06 11:10:03 | 000,000,575 | ---- | C] () -- C:\Users\Public\Desktop\AirHauler.lnk
[2013/03/01 10:57:08 | 000,272,896 | ---- | C] () -- C:\Windows\mvalkdj.dll
[2013/02/27 21:23:31 | 000,000,270 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\OpenSceneryX Installer.plist
[2013/02/23 21:08:50 | 000,001,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverlayEditor.lnk
[2013/02/15 16:07:41 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/13 21:50:36 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/01/24 23:01:35 | 000,026,900 | ---- | C] () -- C:\Users\Marcus\AppData\Local\dt.dat
[2012/10/27 16:42:58 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/26 11:13:53 | 000,905,031 | ---- | C] () -- C:\Users\Marcus\AppData\Local\census.cache
[2012/10/26 11:13:44 | 000,145,930 | ---- | C] () -- C:\Users\Marcus\AppData\Local\ars.cache
[2012/10/26 11:01:21 | 000,000,036 | ---- | C] () -- C:\Users\Marcus\AppData\Local\housecall.guid.cache
[2012/10/19 21:31:27 | 000,000,116 | ---- | C] () -- C:\Users\Marcus\Adobe Encore_AME.pref
[2012/10/19 17:00:53 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/10/18 17:24:29 | 000,036,864 | ---- | C] () -- C:\Windows\unslive.exe
[2012/10/02 20:21:17 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/09/29 17:15:28 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/09/18 13:22:38 | 000,007,597 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2012/08/31 15:43:06 | 000,196,828 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/13 12:58:54 | 000,000,899 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\XAddonManager.plist
[2012/07/02 12:09:26 | 000,000,073 | ---- | C] () -- C:\Users\Marcus\AppData\Local\X-Plane_drm.prf
[2012/07/02 12:08:34 | 000,000,080 | ---- | C] () -- C:\Users\Marcus\AppData\Local\X-Plane Installer.prf
[2012/06/17 19:32:27 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/06/17 19:32:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/06/16 19:23:38 | 000,007,168 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 08:35:04 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/13 14:56:27 | 000,000,077 | ---- | C] () -- C:\Windows\ACSim.ini
[2012/06/02 15:23:30 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012/06/01 21:49:44 | 017,292,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/30 10:48:11 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/30 10:48:11 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/07/23 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Acronis
[2012/09/17 15:59:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ASE
[2012/06/01 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AVG2012
[2013/01/25 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Celemony Software GmbH
[2012/10/19 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/19 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/09 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FileZilla
[2012/07/28 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Flight1
[2012/06/25 13:56:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HiFi
[2012/08/09 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ieSpell
[2013/02/17 15:42:25 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Lionhead Studios
[2013/02/23 21:09:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\marginal.org
[2012/10/26 10:23:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\MonkeyJam
[2012/10/19 17:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PACE Anti-Piracy
[2012/06/02 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PolyView
[2012/06/01 23:23:00 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Publish Providers
[2012/10/04 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\QualityWings
[2012/10/26 10:23:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Research In Motion
[2012/06/17 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Smart Recorder
[2012/12/18 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sony
[2012/10/19 17:02:15 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/23 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2013/03/17 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client
[2013/02/05 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TuneUp Software
[2013/03/16 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
[2012/09/07 13:48:46 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\VAT-Spy

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 07:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 18:50:56 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=00AB3621DF742387F851752C2C8BEABF -- C:\Windows\SysNative\pl-PL\services.exe.mui
[2009/07/13 18:50:56 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=00AB3621DF742387F851752C2C8BEABF -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_c53a849eadd09e23\services.exe.mui
[2009/07/13 18:56:04 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=03B4952EC0933EBB9F8DEA9C8A812C29 -- C:\Windows\SysNative\fi-FI\services.exe.mui
[2009/07/13 18:56:04 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=03B4952EC0933EBB9F8DEA9C8A812C29 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_64d89a4f34e71837\services.exe.mui
[2009/07/13 18:56:16 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=06F1D18489683D6A92DC1708DDAB1F57 -- C:\Windows\SysNative\nb-NO\services.exe.mui
[2009/07/13 18:56:16 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=06F1D18489683D6A92DC1708DDAB1F57 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_80bededec782269a\services.exe.mui
[2009/07/13 18:59:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=11387BE13068750A0D7A9E4CA9649373 -- C:\Windows\SysNative\cs-CZ\services.exe.mui
[2009/07/13 18:59:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=11387BE13068750A0D7A9E4CA9649373 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_829bed6258abd80a\services.exe.mui
[2009/07/13 19:19:58 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=130B7341F5446430B3FFB7DCD9A786E3 -- C:\Windows\SysNative\ja-JP\services.exe.mui
[2009/07/13 19:19:58 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=130B7341F5446430B3FFB7DCD9A786E3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8\services.exe.mui
[2009/07/13 19:00:48 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=18A525B3727F2AE7E8D440F42FC82C2E -- C:\Windows\SysNative\fr-FR\services.exe.mui
[2009/07/13 19:00:48 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=18A525B3727F2AE7E8D440F42FC82C2E -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_68750ba1329f3c6f\services.exe.mui
[2009/07/13 18:59:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\Windows\SysNative\it-IT\services.exe.mui
[2009/07/13 18:59:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed\services.exe.mui
[2009/07/13 18:59:26 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=41DB03418DF56EF7DCCA75086DBEB772 -- C:\Windows\SysNative\pt-PT\services.exe.mui
[2009/07/13 18:59:26 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=41DB03418DF56EF7DCCA75086DBEB772 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_c8703eaeabc9a1e3\services.exe.mui
[2009/07/13 20:08:24 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=424DA2137012397299C94B7342F3D19E -- C:\Windows\SysNative\ko-KR\services.exe.mui
[2009/07/13 20:08:24 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=424DA2137012397299C94B7342F3D19E -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_982c5da9ef5cfade\services.exe.mui
[2009/07/13 18:54:14 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=42A149B4C86CD8B535532CEF34F70414 -- C:\Windows\SysNative\sl-SI\services.exe.mui
[2009/07/13 18:54:14 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=42A149B4C86CD8B535532CEF34F70414 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_ad4076d7865f351c\services.exe.mui
[2009/07/13 19:00:08 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=45DB0782754B0C2AAFE0722AD2BD5B93 -- C:\Windows\SysNative\ro-RO\services.exe.mui
[2009/07/13 19:00:08 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=45DB0782754B0C2AAFE0722AD2BD5B93 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_0cab04e692306d3f\services.exe.mui
[2009/07/13 18:51:58 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=4CF36013D04041D604E21CC6F80B73F7 -- C:\Windows\SysNative\sk-SK\services.exe.mui
[2009/07/13 18:51:58 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=4CF36013D04041D604E21CC6F80B73F7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_ae2e551f85c52239\services.exe.mui
[2009/07/13 19:06:48 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=4FF00357C23A9DB81045B9B0FB593920 -- C:\Windows\SysNative\hu-HU\services.exe.mui
[2009/07/13 19:06:48 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=4FF00357C23A9DB81045B9B0FB593920 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_afe58be916ff0b8b\services.exe.mui
[2009/07/13 18:53:44 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=504F8B0A67D4AE3E981C09C1F25CEF75 -- C:\Windows\SysNative\lt-LT\services.exe.mui
[2009/07/13 18:53:44 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=504F8B0A67D4AE3E981C09C1F25CEF75 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_3bf789aae184c67b\services.exe.mui
[2009/07/13 18:50:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\SysNative\pt-BR\services.exe.mui
[2009/07/13 18:50:42 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=50535783545434F9F2AB62A53C706EFA -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207\services.exe.mui
[2009/07/13 18:56:16 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=507399F526A76481E3CDA23445955929 -- C:\Windows\SysNative\he-IL\services.exe.mui
[2009/07/13 18:56:16 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=507399F526A76481E3CDA23445955929 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_he-il_ac94b343190e3d5d\services.exe.mui
[2009/07/13 18:55:50 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5FFB6A441A1CA12DF3B280CFCF153DB9 -- C:\Windows\SysNative\el-GR\services.exe.mui
[2009/07/13 18:55:50 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5FFB6A441A1CA12DF3B280CFCF153DB9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_c59790583fdd9131\services.exe.mui
[2009/07/13 19:03:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\SysNative\da-DK\services.exe.mui
[2009/07/13 19:03:04 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1fd5cd894ef1d409\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2009/07/13 19:02:44 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=6CE5201E3CF600E0AF21C1BF2C0DD1D0 -- C:\Windows\SysNative\hr-HR\services.exe.mui
[2009/07/13 19:02:44 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=6CE5201E3CF600E0AF21C1BF2C0DD1D0 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_aeb1662317c1aa23\services.exe.mui
[2009/07/13 20:08:38 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=80715CABC9EC87D30CCBF3E5BF704332 -- C:\Windows\SysNative\zh-CN\services.exe.mui
[2009/07/13 20:08:38 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=80715CABC9EC87D30CCBF3E5BF704332 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_2578a32c26c80e7a\services.exe.mui
[2009/07/13 18:47:52 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8C88453F39470BA09029BDFC7A9A6D95 -- C:\Windows\SysNative\bg-BG\services.exe.mui
[2009/07/13 18:47:52 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8C88453F39470BA09029BDFC7A9A6D95 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_d79276c76b23fbdf\services.exe.mui
[2009/07/13 18:59:12 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A4880BDF654678A0C2D3BB1243BC4D45 -- C:\Windows\SysNative\sv-SE\services.exe.mui
[2009/07/13 18:59:12 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=A4880BDF654678A0C2D3BB1243BC4D45 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_ab0e3ae787d43a6a\services.exe.mui
[2009/07/13 18:53:46 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A503B769811E6B548E1DF08670E32B04 -- C:\Windows\SysNative\th-TH\services.exe.mui
[2009/07/13 18:53:46 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A503B769811E6B548E1DF08670E32B04 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_th-th_50185c9a7918f7ab\services.exe.mui
[2009/07/13 18:53:54 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=AA7C40AA8928D17BEB293741C5ABC200 -- C:\Windows\SysNative\lv-LV\services.exe.mui
[2009/07/13 18:53:54 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=AA7C40AA8928D17BEB293741C5ABC200 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_3cc4f82ee103076b\services.exe.mui
[2009/07/13 18:57:50 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=B84CF40C8CF1DA44A95CC37E360EB977 -- C:\Windows\SysNative\nl-NL\services.exe.mui
[2009/07/13 18:57:50 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=B84CF40C8CF1DA44A95CC37E360EB977 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_7efe2a1cc8ae306f\services.exe.mui
[2009/07/13 18:57:54 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=BF100C8718B2AD137ACCD16DAFD107DF -- C:\Windows\SysNative\tr-TR\services.exe.mui
[2009/07/13 18:57:54 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=BF100C8718B2AD137ACCD16DAFD107DF -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_541b852e76903c5b\services.exe.mui
[2009/07/13 20:08:42 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D08F9475A0A87D2D9A6870B61C3092E1 -- C:\Windows\SysNative\zh-TW\services.exe.mui
[2009/07/13 20:08:42 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D08F9475A0A87D2D9A6870B61C3092E1 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_2974e0822438eaea\services.exe.mui
[2009/07/13 18:53:38 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=D6C519FD0BF69F3265646DAFC3547BA9 -- C:\Windows\SysNative\sr-Latn-CS\services.exe.mui
[2009/07/13 18:53:38 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=D6C519FD0BF69F3265646DAFC3547BA9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_4cc9f369ffb79864\services.exe.mui
[2009/07/13 18:55:22 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=E0D92FB3A7311468FFAA5EED4F3196E6 -- C:\Windows\SysNative\et-EE\services.exe.mui
[2009/07/13 18:55:22 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=E0D92FB3A7311468FFAA5EED4F3196E6 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_bf7d613243d3029c\services.exe.mui
[2009/07/13 19:04:24 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E9D0900772B52AB3F1B0EA2BB08C4E6C -- C:\Windows\SysNative\ar-SA\services.exe.mui
[2009/07/13 19:04:24 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E9D0900772B52AB3F1B0EA2BB08C4E6C -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_3152953e7aa3aa88\services.exe.mui
[2009/07/13 19:07:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=EB63EE0FD3C4826F45845C6E83058570 -- C:\Windows\SysNative\ru-RU\services.exe.mui
[2009/07/13 19:07:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=EB63EE0FD3C4826F45845C6E83058570 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_0f13507290ab300f\services.exe.mui
[2009/07/13 18:59:22 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=EBD7B77F4CAF420799840882B179ADC6 -- C:\Windows\SysNative\es-ES\services.exe.mui
[2009/07/13 18:59:22 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=EBD7B77F4CAF420799840882B179ADC6 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5bd95a23fcd260d\services.exe.mui
[2009/07/13 19:08:26 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui
[2009/07/13 19:08:26 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui
[2009/07/13 18:53:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F8127D4883A37938A3DD86F0D7EB086A -- C:\Windows\SysNative\uk-UA\services.exe.mui
[2009/07/13 18:53:38 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F8127D4883A37938A3DD86F0D7EB086A -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_effb67d56dc162a7\services.exe.mui

< MD5 for: SERVICES.JS >
[2013/03/07 17:23:26 | 000,001,083 | ---- | M] () MD5=18272708A717583EBB2AE9712FDA65CD -- C:\Program Files (x86)\Microsoft\BingDesktop\Apps\runtime\mocks\services.js

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 18:51:46 | 000,092,772 | ---- | M] () MD5=12AEE29308F64C90487BD09AE283DEFA -- C:\Windows\SysNative\he-IL\services.msc
[2009/07/13 18:39:56 | 000,092,772 | ---- | M] () MD5=12AEE29308F64C90487BD09AE283DEFA -- C:\Windows\SysWOW64\he-IL\services.msc
[2009/07/13 18:51:46 | 000,092,772 | ---- | M] () MD5=12AEE29308F64C90487BD09AE283DEFA -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_he-il_e6d6832eef77d750\services.msc
[2009/07/13 18:39:56 | 000,092,772 | ---- | M] () MD5=12AEE29308F64C90487BD09AE283DEFA -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_he-il_8ab7e7ab371a661a\services.msc
[2009/07/13 18:55:24 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysNative\it-IT\services.msc
[2009/07/13 18:35:22 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysWOW64\it-IT\services.msc
[2009/07/13 18:55:24 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8cded1d3e03abbe0\services.msc
[2009/07/13 18:35:22 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_30c0365027dd4aaa\services.msc
[2009/07/13 18:56:12 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\SysNative\fr-FR\services.msc
[2009/07/13 18:36:16 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\SysWOW64\fr-FR\services.msc
[2009/07/13 18:56:12 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a2b6db8d0908d662\services.msc
[2009/07/13 18:36:16 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/07/13 19:03:56 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\SysNative\ru-RU\services.msc
[2009/07/13 18:36:10 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\SysWOW64\ru-RU\services.msc
[2009/07/13 19:03:56 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_4955205e6714ca02\services.msc
[2009/07/13 18:36:10 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ed3684daaeb758cc\services.msc
[2009/07/13 18:59:12 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysNative\da-DK\services.msc
[2009/07/13 18:41:10 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysWOW64\da-DK\services.msc
[2009/07/13 18:59:12 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_5a179d75255b6dfc\services.msc
[2009/07/13 18:41:10 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_fdf901f16cfdfcc6\services.msc
[2009/07/13 18:59:42 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\SysNative\nb-NO\services.msc
[2009/07/13 18:32:32 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\SysWOW64\nb-NO\services.msc
[2009/07/13 18:59:42 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_bb00aeca9debc08d\services.msc
[2009/07/13 18:32:32 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_5ee21346e58e4f57\services.msc
[2009/07/13 18:55:46 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\SysNative\sv-SE\services.msc
[2009/07/13 18:43:06 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\SysWOW64\sv-SE\services.msc
[2009/07/13 18:55:46 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_e5500ad35e3dd45d\services.msc
[2009/07/13 18:43:06 | 000,092,744 | ---- | M] () MD5=6DCF2D33F252AA7C694AFE0848D9F066 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_89316f4fa5e06327\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 19:03:38 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc
[2009/07/13 18:43:52 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc
[2009/07/13 19:03:38 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc
[2009/07/13 18:43:52 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc
[2009/07/13 20:11:30 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\SysNative\zh-CN\services.msc
[2009/07/13 19:49:54 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\SysWOW64\zh-CN\services.msc
[2009/07/13 20:11:30 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_5fba7317fd31a86d\services.msc
[2009/07/13 19:49:54 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_039bd79444d43737\services.msc
[2009/07/13 18:55:20 | 000,092,783 | ---- | M] () MD5=83D67501F523432693756799EEA7F1A0 -- C:\Windows\SysNative\cs-CZ\services.msc
[2009/07/13 18:35:18 | 000,092,783 | ---- | M] () MD5=83D67501F523432693756799EEA7F1A0 -- C:\Windows\SysWOW64\cs-CZ\services.msc
[2009/07/13 18:55:20 | 000,092,783 | ---- | M] () MD5=83D67501F523432693756799EEA7F1A0 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_bcddbd4e2f1571fd\services.msc
[2009/07/13 18:35:18 | 000,092,783 | ---- | M] () MD5=83D67501F523432693756799EEA7F1A0 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_60bf21ca76b800c7\services.msc
[2009/07/13 18:59:34 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\SysNative\fi-FI\services.msc
[2009/07/13 18:39:12 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\SysWOW64\fi-FI\services.msc
[2009/07/13 18:59:34 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_9f1a6a3b0b50b22a\services.msc
[2009/07/13 18:39:12 | 000,092,750 | ---- | M] () MD5=8A6DD808404612551AEC9BD5C6D88208 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_42fbceb752f340f4\services.msc
[2009/07/13 19:00:06 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\SysNative\ar-SA\services.msc
[2009/07/13 18:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\SysWOW64\ar-SA\services.msc
[2009/07/13 19:00:06 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_6b94652a510d447b\services.msc
[2009/07/13 18:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_0f75c9a698afd345\services.msc
[2009/07/13 20:05:18 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\SysNative\zh-TW\services.msc
[2009/07/13 19:55:40 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\SysWOW64\zh-TW\services.msc
[2009/07/13 20:05:18 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_63b6b06dfaa284dd\services.msc
[2009/07/13 19:55:40 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_079814ea424513a7\services.msc
[2009/07/13 19:02:30 | 000,092,763 | ---- | M] () MD5=8EF69E13C021F7C1D060E22019990830 -- C:\Windows\SysNative\hu-HU\services.msc
[2009/07/13 18:44:10 | 000,092,763 | ---- | M] () MD5=8EF69E13C021F7C1D060E22019990830 -- C:\Windows\SysWOW64\hu-HU\services.msc
[2009/07/13 19:02:30 | 000,092,763 | ---- | M] () MD5=8EF69E13C021F7C1D060E22019990830 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_ea275bd4ed68a57e\services.msc
[2009/07/13 18:44:10 | 000,092,763 | ---- | M] () MD5=8EF69E13C021F7C1D060E22019990830 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_8e08c051350b3448\services.msc
[2009/07/13 18:59:38 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\SysNative\el-GR\services.msc
[2009/07/13 18:31:56 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\SysWOW64\el-GR\services.msc
[2009/07/13 18:59:38 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_ffd9604416472b24\services.msc
[2009/07/13 18:31:56 | 000,092,794 | ---- | M] () MD5=986A55E3C6B948BD2809C14D0FBB6825 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_a3bac4c05de9b9ee\services.msc
[2009/07/13 18:54:14 | 000,092,758 | ---- | M] () MD5=A513B67E9C7A17FEE1126FDD0677434E -- C:\Windows\SysNative\tr-TR\services.msc
[2009/07/13 18:45:44 | 000,092,758 | ---- | M] () MD5=A513B67E9C7A17FEE1126FDD0677434E -- C:\Windows\SysWOW64\tr-TR\services.msc
[2009/07/13 18:54:14 | 000,092,758 | ---- | M] () MD5=A513B67E9C7A17FEE1126FDD0677434E -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_8e5d551a4cf9d64e\services.msc
[2009/07/13 18:45:44 | 000,092,758 | ---- | M] () MD5=A513B67E9C7A17FEE1126FDD0677434E -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_323eb996949c6518\services.msc
[2009/07/13 18:54:02 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\SysNative\pl-PL\services.msc
[2009/07/13 18:37:46 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\SysWOW64\pl-PL\services.msc
[2009/07/13 18:54:02 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_ff7c548a843a3816\services.msc
[2009/07/13 18:37:46 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_a35db906cbdcc6e0\services.msc
[2009/07/13 19:02:40 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\SysNative\es-ES\services.msc
[2009/07/13 18:35:32 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\SysWOW64\es-ES\services.msc
[2009/07/13 19:02:40 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ffff658e1636c000\services.msc
[2009/07/13 18:35:32 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3e0ca0a5dd94eca\services.msc
[2009/07/13 19:02:28 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\SysNative\pt-PT\services.msc
[2009/07/13 18:44:26 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\SysWOW64\pt-PT\services.msc
[2009/07/13 19:02:28 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_02b20e9a82333bd6\services.msc
[2009/07/13 18:44:26 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_a6937316c9d5caa0\services.msc
[2009/07/13 18:54:28 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysNative\pt-BR\services.msc
[2009/07/13 18:46:26 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysWOW64\pt-BR\services.msc
[2009/07/13 18:54:28 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01d03f2e82c3cbfa\services.msc
[2009/07/13 18:46:26 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
[2009/07/13 19:11:32 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\SysNative\ja-JP\services.msc
[2009/07/13 19:29:36 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\SysWOW64\ja-JP\services.msc
[2009/07/13 19:11:32 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2f0450e0d355cdbb\services.msc
[2009/07/13 19:29:36 | 000,092,779 | ---- | M] () MD5=DD14A9FE7CD992573F40FC169551BBAB -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d2e5b55d1af85c85\services.msc
[2009/07/13 18:46:50 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\SysNative\nl-NL\services.msc
[2009/07/13 18:45:48 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\SysWOW64\nl-NL\services.msc
[2009/07/13 18:46:50 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_b93ffa089f17ca62\services.msc
[2009/07/13 18:45:48 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_5d215e84e6ba592c\services.msc
[2009/07/13 20:05:18 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\SysNative\ko-KR\services.msc
[2009/07/13 19:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\SysWOW64\ko-KR\services.msc
[2009/07/13 20:05:18 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_d26e2d95c5c694d1\services.msc
[2009/07/13 19:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_764f92120d69239b\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 08:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

STEP 4:
OTL Extras logfile created on: 3/14/2013 12:11:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.13 Gb Available Physical Memory | 82.18% Memory free
31.96 Gb Paging File | 29.13 Gb Available in Paging File | 91.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.64 Gb Total Space | 258.41 Gb Free Space | 36.99% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 145.82 Gb Free Space | 15.65% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 94.86 Gb Free Space | 40.74% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 70.95 Gb Free Space | 30.47% Space Free | Partition Type: NTFS

Computer Name: MARCUS-CUSTOM | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{03EFC5C9-E507-4A80-A7E4-A67AAE976446}" = KMEM v1.1.2 for FSX
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}" = AVG 2012
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B9AE6C1-60A6-483D-8C47-69CA0E995A08}" = KLAX v1.1.2 for FSX
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}" = Smart Technology Programming Software 7.0.2.7
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B408139D-04D6-4464-A979-D335E48F7063}" = NaturalPoint USB Drivers x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Celemony Melodyne_is1" = Celemony Melodyne version 2.1
"EVGA E-LEET TUNING UTILITY_is1" = EVGA E-LEET TUNING UTILITY 1.10.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02F744CB-0E04-40DA-A50C-58F49D8E5A0C}_is1" = CaptainSim 727 PRO FULL PACK 2.1
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{05997FF8-244D-474F-89C1-42B4F734B578}" = Real Environment Xtreme for X-Plane
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C5E2C25-5095-4160-9CAC-DD731863EEFE}" = PMDGMD11XF_PW_5XF
"{1ED28734-E9EF-4DF5-A0EB-7EAFC97B6B02}" = Saitek Pro Flight Panels 6.6.6.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22DA31EE-2DEA-4DB7-9301-3222F91826F7}" = PMDGMD11XF_PW_FXF
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2a58f1bf-a8fe-4f80-81e9-3bdefc981713}" = TrackIR 5
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A8DED06-80E7-4555-AA1F-FF4A2A4D353C}" = Aerosoft's - DHC-6 Twin Otter X
"{3D88DF20-8778-422F-933D-4C4D74210045}" = Aerosoft's - Anchorage X
"{415826DA-CC9C-4836-AFDB-E67104272C52}" = PMDGMD11X_PW_DL2
"{433974CD-9707-489F-8C06-DFFC23C65C68}" = PMDGMD11X_GE_KL
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4843A9B1-335C-4a13-8CFC-9B986AEBE1E2}_is1" = :spam: Video Converter 6.1.32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66EBD70F-A42C-475F-AEDF-277378151033}" = Nero 7 Essentials
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}" = Aerosoft's - Manhattan X
"{70389F30-F9E7-4D46-89F5-08A1196A161E}" = The Movies™ - Bonus Costumes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757F55B9-A5B6-41D6-A126-2B1C0066EA91}" = Aerosoft's - AspenX
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E2A370A-C3CC-4C15-BA51-81500F451D77}" = PMDG_BAe_JS4100_DH
"{8F00580B-19EC-4709-896D-D21E542630DD}" = Aerosoft's - Piper Cheyenne FSX
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93878DDD-E621-4AFF-8203-2658451A3636}" = EuroScope 3.1d
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{97C97546-024D-40E1-A16E-255C3BAAAC16}" = PMDGMD11X_GE_CO
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{986D9CAB-8D68-462C-A408-3B254362A6F5}" = PMDG_BAe_JS4100_AX4
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C979BC5-0B86-47A1-B6C1-6057297DB61C}" = PMDG744X_RR_BA
"{9EB00E7F-336D-4D51-A0B0-CA2A12A8397A}_is1" = CLS Repaint Manager version 1.0
"{9F6688C3-FE8A-4F13-8162-E5DEAE6F0980}_is1" = 1.1
"{A4095642-9995-42B1-B589-D8E7AD6B11DA}" = Just Flight - Air Hauler
"{A47FC79E-FEC9-4E55-8317-538E8D3647F8}" = X Graphics
"{A663BED9-978C-4A04-82A3-3029245055BE}" = Aerosoft's - F-16 Fighting Falcon
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C7C8A6-22A5-2012-8E5A-F77D709A9489}_is1" = Active Sky 2012
"{A9FF3B7B-F4BC-4F74-AF6B-BC4925682D3D}" = aerosoft's - USCitiesX - Chicago
"{ABB4DB59-0284-414D-9346-4992E1856E7F}" = PMDGMD11X_GE_AA
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended
"{AE7D97BE-1BCE-4F9A-B892-80C285F05933}" = PMDGMD11X_GE_KL1
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
"{C1E2F394-F52F-41E9-8D97-1F89AD04147A}" = PMDGMD11X_PW_UA3
"{C1F599B7-17ED-4E3B-8AF2-CE79C7B42BB5}" = WorldACARS
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CBF03F04-7F9F-439F-BA2E-ADD45F494798}_is1" = JRollon Planes CRJ-200 version 1.4.5
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}" = PMDG_MD11_FSX
"{CF56984D-35C6-4ADB-9075-394978A427FB}" = Microsoft Flight Simulator X: Acceleration SDK
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23021A1-F9B5-41DD-8B2E-9F886327E242}" = FS Repaint v2.23
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF91C497-0315-43F9-BB85-24D82FE5B11A}" = aerosoft's - USCitiesX - San Francisco
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1 for FSX
"{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0B8271B-1FC0-48AA-A4E7-8991AEDAEC1A}" = Sony DVD Architect Studio 3.0b
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F941AABE-E868-42D9-9F38-884250F7898A}" = aerosoft's - FlightSim Commander 9
"{FB647DBE-2231-405D-AC36-C73246CBE305}" = PMDG BAe JS4100
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"767CAPTAIN" = 767 Captain (767-300 Base Pack)
"ADESetup_is1" = Airport Design Editor Version 1.40.7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"afxdemo" = AFX Demo
"Airbus X Extended - FSX" = Aerosoft's - Airbus X Extended - FSX
"Aircraft Situation Editor" = Aircraft Situation Editor
"AudioCS" = Creative Audio Control Panel
"AVG Secure Search" = AVG Security Toolbar
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"B200 King Air HD SERIES FSX/P3D" = B200 King Air HD SERIES FSX/P3D
"B752PRO_FSX" = 757-200 Base Pack
"Beech B60 Duke Rip" = Beech B60 Duke Rip
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"C337H SKYMASTER HD SERIES FSX" = C337H SKYMASTER HD SERIES FSX
"C90B King Air HD SERIES FSX" = C90B King Air HD SERIES FSX
"Carenado A36 Bonanza FSX" = Carenado A36 Bonanza FSX
"Carenado Baron 58 FSX" = Carenado Baron 58 FSX
"Carenado C208B Grand Caravan" = Carenado C208B Grand Caravan
"Carenado C340 II FSX" = Carenado C340 II FSX
"Carenado Commander 114 FSX" = Carenado Commander 114 FSX
"Carenado SR22T HD SERIES FSX/P3D" = Carenado SR22T HD SERIES FSX/P3D
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Citation X for FSX" = Citation X for FSX
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"FileZilla Client" = FileZilla Client 3.6.0.2
"FlightBeam San Francisco International FSX 2.0.1" = FlightBeam San Francisco International FSX 2.0.1
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FS Global 2010" = FS Global 2010
"FSFDT FSCopilot" = FSFDT FSCopilot
"FSFDT FSInn" = FSFDT FSInn
"FSX Beechcraft 1900D" = FSX Beechcraft 1900D
"Ground Environment X North America" = Ground Environment X North America
"ieSpell" = ieSpell
"iFly Jets - 737NG for FSX Feature Pack" = iFly Jets - 737NG for FSX Feature Pack
"iFly Jets - The 737NG for FSX" = iFly Jets - The 737NG for FSX
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"JustFlight DC-3 Legends of Flight" = JustFlight DC-3 Legends of Flight
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"MilViz - Northrop T-38 Talon1.1 Full" = MilViz - Northrop T-38 Talon
"MILVIZ F-15E Strike Eagle_is1" = 1.01
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OverlayEditor" = OverlayEditor
"P46T Malibu 1.sp1" = P46T Malibu 1.sp1
"p732" = 737 Captain (737-200) 1.0
"PA32R SARATOGA SP FSX" = PA32R SARATOGA SP FSX
"PA34 200T SENECA II FSX" = PA34 200T SENECA II FSX
"PilotEdge" = PilotEdge
"Pole to Pole FSX" = Pole to Pole FSX
"PolyView" = PolyView 4.45
"PowerISO" = PowerISO
"PrecisionX" = EVGA Precision X 4.0.0
"QualityWings Ultimate 146 Collection FSX" = QualityWings Ultimate 146 Collection FSX
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"ScenalyzerLive" = ScenalyzerLive (remove)
"Sky Simulations DC-9" = Sky Simulations DC-9
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"SysInfo" = Creative System Information
"TWRTrainer" = TWRTrainer
"Uninstaller_B72FF000_Air Hauler" = Air Hauler (Shared Components)
"US Cities X - Las Vegas 1.00" = US Cities X - Las Vegas 1.00
"uTorrent" = µTorrent
"VATSpy" = VAT-Spy
"VLC media player" = VLC media player 2.0.2
"VRC" = VRC
"WinLiveSuite" = Windows Live Essentials
"x701" = 707 Captain (707-300) 1.3
"x702" = 707 Captain (707-300C Expansion Model) 1.3
"X753CAPTAIN_FSX" = 757-300 Expansion Model
"X754CAPTAIN_FSX" = 757 Freighter Captain Expansion Model
"x772" = 777 Captain (777-200) 1.1
"Xtreme FSX PC" = Xtreme FSX PC 2.8.0.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"097dbf5de184dfda" = FS Economy client for FSX
"0ce75967662162c6" = VideoVelocity 3
"Airbus Series Vol.1 (FS X)" = Airbus Series Vol.1 (FS X)
"Airbus Series Vol.2 (FS X)" = Airbus Series Vol.2 (FS X)
"Carenado C185F SKYWAGON FSX" = Carenado C185F SKYWAGON FSX
"Carenado C208B Super Cargomaster Expansion Pack HD" = Carenado C208B Super Cargomaster Expansion Pack HD
"e16201be0cba039f" = vroute.info premium
"Eaglesoft Development Group Citation CII 1.5 " = Eaglesoft Development Group Citation CII 1.5
"E-Jets Series (FSX)" = E-Jets Series (FSX)
"FeelThere ERJ v.2 SP2" = FeelThere ERJ v.2 SP2
"Flight Replicas Super Cub - Complete for FSX" = Flight Replicas Super Cub - Complete for FSX
"FSX Repaint Manager" = FSX Repaint Manager
"PA-28-181 ARCHER II FSX" = PA-28-181 ARCHER II FSX
"PMDG 747X World Airliners COMBI v1.0b000" = PMDG 747X World Airliners COMBI v1.0b000
"PMDG MD11 World Airliners 1 v1.0b011" = PMDG MD11 World Airliners 1 v1.0b011
"PMDG MD11 World Airliners 3 v1.0b003" = PMDG MD11 World Airliners 3 v1.0b003
"PMDG MD11 World Airliners 4 v1.1b002" = PMDG MD11 World Airliners 4 v1.1b002
"Quest Kodiak 2.4b" = Quest Kodiak 2.4b
"Ultimate Airliners - Super 80 Professional" = Ultimate Airliners - Super 80 Professional
"Ultimate Terrain X - USA" = Ultimate Terrain X - USA

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2013 3:07:01 AM | Computer Name = Marcus-Custom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9907

Error - 3/12/2013 5:12:58 PM | Computer Name = Marcus-Custom | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 11:37:40 AM | Computer Name = Marcus-Custom | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 2:59:28 PM | Computer Name = Marcus-Custom | Source = AirHauler1.54 (SP4.1) | ID = 0
Description = AC Parsing: Empty path name is not legal. mscorlib

Error - 3/13/2013 3:00:53 PM | Computer Name = Marcus-Custom | Source = AirHauler1.54 (SP4.1) | ID = 0
Description = AC Parsing: Empty path name is not legal. mscorlib

Error - 3/13/2013 3:23:21 PM | Computer Name = Marcus-Custom | Source = AirHauler1.54 (SP4.1) | ID = 0
Description = AC Parsing: Empty path name is not legal. mscorlib

Error - 3/13/2013 10:06:33 PM | Computer Name = Marcus-Custom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/13/2013 10:06:33 PM | Computer Name = Marcus-Custom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9969

Error - 3/13/2013 10:06:33 PM | Computer Name = Marcus-Custom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9969

Error - 3/14/2013 1:32:59 PM | Computer Name = Marcus-Custom | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2013 1:45:32 PM | Computer Name = Marcus-Custom | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/30/2012 4:00:52 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/30/2012 4:00:52 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/30/2012 4:00:52 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/30/2012 4:02:35 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/30/2012 4:07:04 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/30/2012 4:07:05 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/30/2012 7:51:31 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/30/2012 7:51:31 PM | Computer Name = Marcus-Custom | Source = DCOM | ID = 10005
Description =

Error - 10/30/2012 7:51:31 PM | Computer Name = Marcus-Custom | Source = DCOM | ID = 10005
Description =

Error - 10/30/2012 7:56:19 PM | Computer Name = Marcus-Custom | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


< End of report >


STEP 5:
APOMngr.DLL gave no results
CmdRtr.DLL gave no results
wpcap.dll gave no results
Packet.dll gave no results
npf.sys gave no results
mvalkdj.dll gave:
Agnitum Packed/Execryptor 20130318
CAT-QuickHeal (Suspicious) - DNAScan 20130318
Malwarebytes Trojan.Scar 20130318
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.C!81 20130318
TrendMicro-HouseCall TROJ_GEN.F47V0725 20130318
  • 0

#5
godawgs
Posted 18 March 2013 - 01:53 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.


Step-1.

Malicious program uninstalls and Optional Removals


1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

uTorrent

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Users\Marcus\AppData\Roaming\uTorrent

2. Close Windows Explorer.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 64bits (x64) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-4.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Do Not fix anything at this time.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The aswMBR log
2. The RKreport.txt log
3. The AdwCleaner[R1].txt log
  • 0

#6
Marcusmmc23
Posted 18 March 2013 - 07:55 PM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thank you very much for taking the time to help not only me but all you do.

1. The aswMBR log
Attached

2. The RKreport.txt log
Attached

3. The AdwCleaner[R1].txt log
Attached

Thanks again.

Attached Files


  • 0

#7
godawgs
Posted 19 March 2013 - 05:09 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thank you very much for taking the time to help not only me but all you do.

You are welcome.

In the future please do not attach files unless I request that. It makes them harder to research. Just copy and paste them into your reply.

aswMBR found an unknown sptd.sys file. This is most likely related to a CD/DVD emulating program, or programs like Daemon tools or Alcohol120. And there are some internet service providers that use that file with their trouble shooting programs. We will run an ARK tool to make sure.

Rogue Killer didn't show anything that needed attention. But AdwCleaner did.


Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Vista and 7 users: Right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-2.

Posted Image TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Right click on TDSSKiller.exe and click Run as Administrator to run the application, then click on Change parameters. (See the image below)

    Posted Image
  • Make sure the boxes under Objects to scan are checked like the image below.
  • In the Additionak options section, check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system. (See the image below)

    Posted Image
  • Click OK
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by clicking Report

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S1].txt log
2. The TDSSKiller log
3. The FSS.txt log
  • 0

#8
Marcusmmc23
Posted 19 March 2013 - 10:42 AM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
The AdwCleaner has been running for almost 3 hours and hasn't shown progress past about 10-15%. Is this normal?
  • 0

#9
Marcusmmc23
Posted 19 March 2013 - 11:49 AM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
1. The AdwCleaner[S1].txt log

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 11:30:01
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (64 bits)
# User : Marcus - MARCUS-CUSTOM
# Boot Mode : Normal
# Running from : C:\Users\Marcus\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Users\Marcus\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Marcus\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [358 octets] - [19/03/2013 08:54:58]
AdwCleaner[S2].txt - [5591 octets] - [19/03/2013 11:30:01]

########## EOF - C:\AdwCleaner[S2].txt - [5651 octets] ##########


2. The TDSSKiller log

11:37:51.0603 3768 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:37:52.0613 3768 ============================================================
11:37:52.0613 3768 Current date / time: 2013/03/19 11:37:52.0613
11:37:52.0613 3768 SystemInfo:
11:37:52.0613 3768
11:37:52.0613 3768 OS Version: 6.1.7601 ServicePack: 1.0
11:37:52.0613 3768 Product type: Workstation
11:37:52.0613 3768 ComputerName: MARCUS-CUSTOM
11:37:52.0613 3768 UserName: Marcus
11:37:52.0613 3768 Windows directory: C:\Windows
11:37:52.0613 3768 System windows directory: C:\Windows
11:37:52.0613 3768 Running under WOW64
11:37:52.0613 3768 Processor architecture: Intel x64
11:37:52.0613 3768 Number of processors: 4
11:37:52.0613 3768 Page size: 0x1000
11:37:52.0613 3768 Boot type: Normal boot
11:37:52.0613 3768 ============================================================
11:37:54.0414 3768 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:37:54.0424 3768 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:37:54.0444 3768 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:37:54.0444 3768 Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:37:54.0454 3768 ============================================================
11:37:54.0454 3768 \Device\Harddisk2\DR2:
11:37:54.0454 3768 MBR partitions:
11:37:54.0454 3768 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
11:37:54.0454 3768 \Device\Harddisk3\DR3:
11:37:54.0454 3768 MBR partitions:
11:37:54.0454 3768 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
11:37:54.0454 3768 \Device\Harddisk0\DR0:
11:37:54.0454 3768 MBR partitions:
11:37:54.0454 3768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1A8800
11:37:54.0454 3768 \Device\Harddisk1\DR1:
11:37:54.0454 3768 MBR partitions:
11:37:54.0454 3768 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1A8000
11:37:54.0454 3768 ============================================================
11:37:54.0464 3768 C: <-> \Device\Harddisk2\DR2\Partition1
11:37:54.0484 3768 D: <-> \Device\Harddisk3\DR3\Partition1
11:37:54.0504 3768 E: <-> \Device\Harddisk0\DR0\Partition1
11:37:54.0514 3768 F: <-> \Device\Harddisk1\DR1\Partition1
11:37:54.0514 3768 ============================================================
11:37:54.0514 3768 Initialize success
11:37:54.0514 3768 ============================================================
11:38:21.0846 2924 ============================================================
11:38:21.0846 2924 Scan started
11:38:21.0846 2924 Mode: Manual; SigCheck; TDLFS;
11:38:21.0846 2924 ============================================================
11:38:23.0296 2924 ================ Scan system memory ========================
11:38:23.0296 2924 System memory - ok
11:38:23.0296 2924 ================ Scan services =============================
11:38:23.0456 2924 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:38:23.0556 2924 1394ohci - ok
11:38:23.0596 2924 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
11:38:23.0656 2924 61883 - ok
11:38:23.0686 2924 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:38:23.0706 2924 ACPI - ok
11:38:23.0726 2924 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:38:23.0786 2924 AcpiPmi - ok
11:38:23.0846 2924 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:38:23.0866 2924 adp94xx - ok
11:38:23.0876 2924 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:38:23.0896 2924 adpahci - ok
11:38:23.0906 2924 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:38:23.0916 2924 adpu320 - ok
11:38:23.0946 2924 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:38:24.0066 2924 AeLookupSvc - ok
11:38:24.0106 2924 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:38:24.0166 2924 AFD - ok
11:38:24.0196 2924 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:38:24.0206 2924 agp440 - ok
11:38:24.0226 2924 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:38:24.0256 2924 ALG - ok
11:38:24.0266 2924 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:38:24.0276 2924 aliide - ok
11:38:24.0286 2924 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:38:24.0286 2924 amdide - ok
11:38:24.0296 2924 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:38:24.0336 2924 AmdK8 - ok
11:38:24.0346 2924 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:38:24.0376 2924 AmdPPM - ok
11:38:24.0416 2924 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:38:24.0436 2924 amdsata - ok
11:38:24.0446 2924 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:38:24.0466 2924 amdsbs - ok
11:38:24.0476 2924 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:38:24.0486 2924 amdxata - ok
11:38:24.0516 2924 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:38:24.0626 2924 AppID - ok
11:38:24.0646 2924 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:38:24.0696 2924 AppIDSvc - ok
11:38:24.0746 2924 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:38:24.0806 2924 Appinfo - ok
11:38:24.0926 2924 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:38:24.0936 2924 Apple Mobile Device - ok
11:38:24.0976 2924 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
11:38:25.0016 2924 AppMgmt - ok
11:38:25.0046 2924 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:38:25.0066 2924 arc - ok
11:38:25.0076 2924 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:38:25.0086 2924 arcsas - ok
11:38:25.0206 2924 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:38:25.0236 2924 aspnet_state - ok
11:38:25.0266 2924 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:38:25.0326 2924 AsyncMac - ok
11:38:25.0356 2924 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:38:25.0366 2924 atapi - ok
11:38:25.0416 2924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:38:25.0476 2924 AudioEndpointBuilder - ok
11:38:25.0496 2924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:38:25.0526 2924 AudioSrv - ok
11:38:25.0546 2924 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
11:38:25.0576 2924 Avc - ok
11:38:25.0626 2924 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
11:38:25.0636 2924 Avgfwfd - ok
11:38:25.0726 2924 [ 6C469E3CB15CF33AD3E757096E6C7026 ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
11:38:25.0766 2924 avgfws - ok
11:38:25.0866 2924 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
11:38:25.0916 2924 AVGIDSAgent - ok
11:38:25.0936 2924 [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
11:38:25.0936 2924 AVGIDSDriver - ok
11:38:25.0956 2924 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
11:38:25.0956 2924 AVGIDSFilter - ok
11:38:25.0976 2924 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
11:38:25.0986 2924 AVGIDSHA - ok
11:38:26.0006 2924 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
11:38:26.0006 2924 Avgldx64 - ok
11:38:26.0016 2924 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
11:38:26.0026 2924 Avgmfx64 - ok
11:38:26.0036 2924 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
11:38:26.0046 2924 Avgrkx64 - ok
11:38:26.0056 2924 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
11:38:26.0066 2924 Avgtdia - ok
11:38:26.0106 2924 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
11:38:26.0126 2924 avgtp - ok
11:38:26.0156 2924 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:38:26.0166 2924 avgwd - ok
11:38:26.0196 2924 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:38:26.0266 2924 AxInstSV - ok
11:38:26.0296 2924 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:38:26.0346 2924 b06bdrv - ok
11:38:26.0376 2924 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:38:26.0406 2924 b57nd60a - ok
11:38:26.0456 2924 [ 44E6E51AEDBF3E0B38A6CD5432649E57 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
11:38:26.0496 2924 BCMH43XX - ok
11:38:26.0526 2924 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:38:26.0566 2924 BDESVC - ok
11:38:26.0576 2924 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:38:26.0626 2924 Beep - ok
11:38:26.0697 2924 [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
11:38:26.0717 2924 BingDesktopUpdate - ok
11:38:26.0757 2924 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
11:38:26.0827 2924 BITS - ok
11:38:26.0837 2924 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:38:26.0867 2924 blbdrive - ok
11:38:26.0957 2924 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:38:26.0977 2924 Bonjour Service - ok
11:38:27.0007 2924 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:38:27.0047 2924 bowser - ok
11:38:27.0067 2924 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:38:27.0097 2924 BrFiltLo - ok
11:38:27.0117 2924 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:38:27.0147 2924 BrFiltUp - ok
11:38:27.0177 2924 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:38:27.0217 2924 Browser - ok
11:38:27.0247 2924 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:38:27.0327 2924 Brserid - ok
11:38:27.0337 2924 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:38:27.0367 2924 BrSerWdm - ok
11:38:27.0387 2924 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:38:27.0417 2924 BrUsbMdm - ok
11:38:27.0437 2924 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:38:27.0467 2924 BrUsbSer - ok
11:38:27.0487 2924 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:38:27.0527 2924 BTHMODEM - ok
11:38:27.0567 2924 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:38:27.0617 2924 bthserv - ok
11:38:27.0647 2924 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:38:27.0697 2924 cdfs - ok
11:38:27.0737 2924 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:38:27.0767 2924 cdrom - ok
11:38:27.0817 2924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:38:27.0857 2924 CertPropSvc - ok
11:38:27.0867 2924 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:38:27.0887 2924 circlass - ok
11:38:27.0937 2924 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:38:27.0947 2924 CLFS - ok
11:38:28.0047 2924 [ 4AA6694FB767BBFF6A8EF080806447BD ] CLHNServiceForPowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
11:38:28.0057 2924 CLHNServiceForPowerDVD - ok
11:38:28.0117 2924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:38:28.0127 2924 clr_optimization_v2.0.50727_32 - ok
11:38:28.0187 2924 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:38:28.0197 2924 clr_optimization_v2.0.50727_64 - ok
11:38:28.0277 2924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:38:28.0377 2924 clr_optimization_v4.0.30319_32 - ok
11:38:28.0397 2924 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:38:28.0437 2924 clr_optimization_v4.0.30319_64 - ok
11:38:28.0467 2924 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:38:28.0497 2924 CmBatt - ok
11:38:28.0527 2924 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:38:28.0547 2924 cmdide - ok
11:38:28.0587 2924 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
11:38:28.0617 2924 CNG - ok
11:38:28.0647 2924 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:38:28.0667 2924 Compbatt - ok
11:38:28.0697 2924 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:38:28.0727 2924 CompositeBus - ok
11:38:28.0747 2924 COMSysApp - ok
11:38:28.0787 2924 [ CCB09EB78E047C931708149992C2E435 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
11:38:28.0807 2924 cpuz135 - ok
11:38:28.0807 2924 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:38:28.0827 2924 crcdisk - ok
11:38:28.0867 2924 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
11:38:28.0887 2924 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:38:28.0887 2924 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:38:28.0907 2924 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
11:38:28.0927 2924 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:38:28.0927 2924 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:38:28.0957 2924 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:38:29.0007 2924 CryptSvc - ok
11:38:29.0057 2924 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
11:38:29.0107 2924 CSC - ok
11:38:29.0147 2924 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
11:38:29.0187 2924 CscService - ok
11:38:29.0217 2924 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
11:38:29.0237 2924 CT20XUT - ok
11:38:29.0257 2924 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
11:38:29.0267 2924 CT20XUT.SYS - ok
11:38:29.0307 2924 [ 397FBD4454E5B2FB77E55D1013DF548C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
11:38:29.0327 2924 ctac32k - ok
11:38:29.0347 2924 [ 50A8CD4DF066FE57D0C473A2645988CC ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
11:38:29.0367 2924 ctaud2k - ok
11:38:29.0437 2924 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
11:38:29.0467 2924 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
11:38:29.0467 2924 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
11:38:29.0497 2924 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
11:38:29.0527 2924 CTEXFIFX - ok
11:38:29.0557 2924 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
11:38:29.0567 2924 CTEXFIFX.SYS - ok
11:38:29.0577 2924 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
11:38:29.0577 2924 CTHWIUT - ok
11:38:29.0587 2924 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
11:38:29.0587 2924 CTHWIUT.SYS - ok
11:38:29.0597 2924 [ 757776E207CA5E71E4A16BD1260AE1F2 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
11:38:29.0607 2924 ctprxy2k - ok
11:38:29.0617 2924 [ 9B111EE2F488A8D9C21A13ED4C777795 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
11:38:29.0617 2924 ctsfm2k - ok
11:38:29.0677 2924 [ D3484412EAE43685E3AD304C9979F30E ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
11:38:29.0687 2924 CyberLink PowerDVD 11.0 Monitor Service - ok
11:38:29.0717 2924 [ 4B0F03AF88FF89441EF57175849C3961 ] CyberLink PowerDVD 11.0 Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
11:38:29.0737 2924 CyberLink PowerDVD 11.0 Service - ok
11:38:29.0777 2924 [ BA25D4B9B067248F7CAC416E855D706B ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
11:38:29.0797 2924 dc3d - ok
11:38:29.0847 2924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:38:29.0917 2924 DcomLaunch - ok
11:38:29.0967 2924 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:38:30.0017 2924 defragsvc - ok
11:38:30.0047 2924 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:38:30.0077 2924 DfsC - ok
11:38:30.0127 2924 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:38:30.0167 2924 Dhcp - ok
11:38:30.0197 2924 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:38:30.0257 2924 discache - ok
11:38:30.0287 2924 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:38:30.0297 2924 Disk - ok
11:38:30.0327 2924 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:38:30.0377 2924 Dnscache - ok
11:38:30.0397 2924 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:38:30.0447 2924 dot3svc - ok
11:38:30.0467 2924 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:38:30.0537 2924 DPS - ok
11:38:30.0577 2924 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:38:30.0607 2924 drmkaud - ok
11:38:30.0647 2924 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:38:30.0667 2924 DXGKrnl - ok
11:38:30.0727 2924 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:38:30.0787 2924 EapHost - ok
11:38:30.0837 2924 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:38:30.0937 2924 ebdrv - ok
11:38:30.0967 2924 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:38:31.0007 2924 EFS - ok
11:38:31.0107 2924 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:38:31.0147 2924 ehRecvr - ok
11:38:31.0177 2924 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:38:31.0257 2924 ehSched - ok
11:38:31.0387 2924 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:38:31.0417 2924 elxstor - ok
11:38:31.0447 2924 [ 683DCAF0D4EFC3F95A32E8924849202D ] emupia C:\Windows\system32\drivers\emupia2k.sys
11:38:31.0447 2924 emupia - ok
11:38:31.0457 2924 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:38:31.0477 2924 ErrDev - ok
11:38:31.0517 2924 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:38:31.0577 2924 EventSystem - ok
11:38:31.0667 2924 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:38:31.0707 2924 exfat - ok
11:38:31.0727 2924 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:38:31.0797 2924 fastfat - ok
11:38:31.0857 2924 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:38:31.0917 2924 Fax - ok
11:38:31.0957 2924 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:38:32.0007 2924 fdc - ok
11:38:32.0067 2924 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:38:32.0127 2924 fdPHost - ok
11:38:32.0147 2924 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:38:32.0197 2924 FDResPub - ok
11:38:32.0217 2924 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:38:32.0227 2924 FileInfo - ok
11:38:32.0237 2924 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:38:32.0267 2924 Filetrace - ok
11:38:32.0317 2924 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:38:32.0337 2924 FLEXnet Licensing Service - ok
11:38:32.0347 2924 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:38:32.0367 2924 flpydisk - ok
11:38:32.0407 2924 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:38:32.0417 2924 FltMgr - ok
11:38:32.0457 2924 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:38:32.0537 2924 FontCache - ok
11:38:32.0637 2924 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:38:32.0647 2924 FontCache3.0.0.0 - ok
11:38:32.0657 2924 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:38:32.0677 2924 FsDepends - ok
11:38:32.0717 2924 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:38:32.0737 2924 Fs_Rec - ok
11:38:32.0797 2924 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:38:32.0817 2924 fvevol - ok
11:38:32.0847 2924 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:38:32.0857 2924 gagp30kx - ok
11:38:32.0897 2924 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:38:32.0907 2924 GEARAspiWDM - ok
11:38:33.0047 2924 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:38:33.0117 2924 gpsvc - ok
11:38:33.0367 2924 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:38:33.0377 2924 gupdate - ok
11:38:33.0447 2924 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:38:33.0457 2924 gupdatem - ok
11:38:33.0537 2924 [ 076F366B87575ADC7D152C7A34ACB3DC ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
11:38:33.0557 2924 ha20x22k - ok
11:38:33.0607 2924 [ 4A7533EB52DC9D1847E7F78DEE1CE322 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
11:38:33.0637 2924 ha20x2k - ok
11:38:33.0687 2924 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:38:33.0767 2924 hcw85cir - ok
11:38:33.0887 2924 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:38:33.0927 2924 HdAudAddService - ok
11:38:33.0967 2924 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:38:34.0007 2924 HDAudBus - ok
11:38:34.0037 2924 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:38:34.0067 2924 HidBatt - ok
11:38:34.0077 2924 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:38:34.0107 2924 HidBth - ok
11:38:34.0127 2924 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:38:34.0157 2924 HidIr - ok
11:38:34.0177 2924 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:38:34.0237 2924 hidserv - ok
11:38:34.0287 2924 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:38:34.0307 2924 HidUsb - ok
11:38:34.0367 2924 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:38:34.0417 2924 hkmsvc - ok
11:38:34.0447 2924 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:38:34.0487 2924 HomeGroupListener - ok
11:38:34.0517 2924 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:38:34.0557 2924 HomeGroupProvider - ok
11:38:34.0587 2924 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:38:34.0597 2924 HpSAMD - ok
11:38:34.0637 2924 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:38:34.0687 2924 HTTP - ok
11:38:34.0707 2924 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:38:34.0717 2924 hwpolicy - ok
11:38:34.0747 2924 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:38:34.0767 2924 i8042prt - ok
11:38:34.0797 2924 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:38:34.0827 2924 iaStorV - ok
11:38:34.0917 2924 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:38:34.0937 2924 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:38:34.0937 2924 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:38:34.0987 2924 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:38:35.0017 2924 idsvc - ok
11:38:35.0047 2924 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:38:35.0057 2924 iirsp - ok
11:38:35.0087 2924 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:38:35.0157 2924 IKEEXT - ok
11:38:35.0267 2924 [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:38:35.0347 2924 IntcAzAudAddService - ok
11:38:35.0357 2924 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:38:35.0367 2924 intelide - ok
11:38:35.0377 2924 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:38:35.0407 2924 intelppm - ok
11:38:35.0447 2924 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:38:35.0497 2924 IPBusEnum - ok
11:38:35.0517 2924 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:38:35.0557 2924 IpFilterDriver - ok
11:38:35.0597 2924 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:38:35.0637 2924 IPMIDRV - ok
11:38:35.0657 2924 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:38:35.0707 2924 IPNAT - ok
11:38:35.0747 2924 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:38:35.0767 2924 iPod Service - ok
11:38:35.0787 2924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:38:35.0847 2924 IRENUM - ok
11:38:35.0867 2924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:38:35.0887 2924 isapnp - ok
11:38:35.0917 2924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:38:35.0937 2924 iScsiPrt - ok
11:38:35.0987 2924 [ BACBC6BF74BE30CB98DB29AF1FA0EE3C ] Just Flight Limited License Service C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
11:38:36.0007 2924 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - warning
11:38:36.0007 2924 Just Flight Limited License Service - detected UnsignedFile.Multi.Generic (1)
11:38:36.0047 2924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:38:36.0057 2924 kbdclass - ok
11:38:36.0067 2924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:38:36.0097 2924 kbdhid - ok
11:38:36.0107 2924 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:38:36.0127 2924 KeyIso - ok
11:38:36.0137 2924 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:38:36.0147 2924 KSecDD - ok
11:38:36.0177 2924 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:38:36.0187 2924 KSecPkg - ok
11:38:36.0207 2924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:38:36.0267 2924 ksthunk - ok
11:38:36.0317 2924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:38:36.0367 2924 KtmRm - ok
11:38:36.0417 2924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:38:36.0467 2924 LanmanServer - ok
11:38:36.0497 2924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:38:36.0547 2924 LanmanWorkstation - ok
11:38:36.0577 2924 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:38:36.0617 2924 lltdio - ok
11:38:36.0647 2924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:38:36.0687 2924 lltdsvc - ok
11:38:36.0707 2924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:38:36.0727 2924 lmhosts - ok
11:38:36.0787 2924 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:38:36.0807 2924 LMS - ok
11:38:36.0827 2924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:38:36.0837 2924 LSI_FC - ok
11:38:36.0867 2924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:38:36.0887 2924 LSI_SAS - ok
11:38:36.0897 2924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:38:36.0907 2924 LSI_SAS2 - ok
11:38:36.0917 2924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:38:36.0927 2924 LSI_SCSI - ok
11:38:36.0937 2924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:38:36.0977 2924 luafv - ok
11:38:37.0027 2924 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
11:38:37.0037 2924 LVRS64 - ok
11:38:37.0177 2924 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
11:38:37.0337 2924 LVUVC64 - ok
11:38:37.0357 2924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:38:37.0377 2924 Mcx2Svc - ok
11:38:37.0397 2924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:38:37.0397 2924 megasas - ok
11:38:37.0417 2924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:38:37.0427 2924 MegaSR - ok
11:38:37.0457 2924 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
11:38:37.0467 2924 MEIx64 - ok
11:38:37.0497 2924 [ 8D0E52F36A153D099DE7D5A1E233FAC7 ] mf C:\Windows\system32\DRIVERS\mf.sys
11:38:37.0517 2924 mf - ok
11:38:37.0557 2924 Microsoft SharePoint Workspace Audit Service - ok
11:38:37.0577 2924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:38:37.0627 2924 MMCSS - ok
11:38:37.0637 2924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:38:37.0687 2924 Modem - ok
11:38:37.0717 2924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:38:37.0737 2924 monitor - ok
11:38:37.0787 2924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:38:37.0797 2924 mouclass - ok
11:38:37.0817 2924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:38:37.0847 2924 mouhid - ok
11:38:37.0887 2924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:38:37.0897 2924 mountmgr - ok
11:38:37.0967 2924 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:38:37.0977 2924 MozillaMaintenance - ok
11:38:37.0997 2924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:38:38.0007 2924 mpio - ok
11:38:38.0037 2924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:38:38.0067 2924 mpsdrv - ok
11:38:38.0087 2924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:38:38.0127 2924 MRxDAV - ok
11:38:38.0147 2924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:38:38.0187 2924 mrxsmb - ok
11:38:38.0197 2924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:38:38.0227 2924 mrxsmb10 - ok
11:38:38.0247 2924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:38:38.0277 2924 mrxsmb20 - ok
11:38:38.0307 2924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:38:38.0317 2924 msahci - ok
11:38:38.0347 2924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:38:38.0367 2924 msdsm - ok
11:38:38.0387 2924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:38:38.0417 2924 MSDTC - ok
11:38:38.0447 2924 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
11:38:38.0477 2924 MSDV - ok
11:38:38.0477 2924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:38:38.0527 2924 Msfs - ok
11:38:38.0547 2924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:38:38.0597 2924 mshidkmdf - ok
11:38:38.0617 2924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:38:38.0627 2924 msisadrv - ok
11:38:38.0657 2924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:38:38.0708 2924 MSiSCSI - ok
11:38:38.0718 2924 msiserver - ok
11:38:38.0738 2924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:38:38.0768 2924 MSKSSRV - ok
11:38:38.0788 2924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:38:38.0818 2924 MSPCLOCK - ok
11:38:38.0828 2924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:38:38.0848 2924 MSPQM - ok
11:38:38.0878 2924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:38:38.0898 2924 MsRPC - ok
11:38:38.0908 2924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:38:38.0918 2924 mssmbios - ok
11:38:38.0928 2924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:38:38.0968 2924 MSTEE - ok
11:38:38.0978 2924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:38:39.0008 2924 MTConfig - ok
11:38:39.0028 2924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:38:39.0038 2924 Mup - ok
11:38:39.0068 2924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:38:39.0128 2924 napagent - ok
11:38:39.0178 2924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:38:39.0218 2924 NativeWifiP - ok
11:38:39.0308 2924 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
11:38:39.0338 2924 NBService - ok
11:38:39.0388 2924 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:38:39.0418 2924 NDIS - ok
11:38:39.0428 2924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:38:39.0468 2924 NdisCap - ok
11:38:39.0488 2924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:38:39.0528 2924 NdisTapi - ok
11:38:39.0558 2924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:38:39.0598 2924 Ndisuio - ok
11:38:39.0628 2924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:38:39.0668 2924 NdisWan - ok
11:38:39.0698 2924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:38:39.0758 2924 NDProxy - ok
11:38:39.0768 2924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:38:39.0828 2924 NetBIOS - ok
11:38:39.0848 2924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:38:39.0878 2924 NetBT - ok
11:38:39.0888 2924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:38:39.0898 2924 Netlogon - ok
11:38:39.0928 2924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:38:39.0978 2924 Netman - ok
11:38:40.0028 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:40.0078 2924 NetMsmqActivator - ok
11:38:40.0088 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:40.0098 2924 NetPipeActivator - ok
11:38:40.0118 2924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:38:40.0178 2924 netprofm - ok
11:38:40.0178 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:40.0188 2924 NetTcpActivator - ok
11:38:40.0188 2924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:40.0198 2924 NetTcpPortSharing - ok
11:38:40.0218 2924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:38:40.0218 2924 nfrd960 - ok
11:38:40.0258 2924 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:38:40.0308 2924 NlaSvc - ok
11:38:40.0378 2924 [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
11:38:40.0388 2924 NMIndexingService - ok
11:38:40.0428 2924 [ 2F48AB72B6D554A41817020171DC53D6 ] NmPar C:\Windows\system32\DRIVERS\NmPar.sys
11:38:40.0468 2924 NmPar - ok
11:38:40.0498 2924 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
11:38:40.0508 2924 NPF - ok
11:38:40.0518 2924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:38:40.0558 2924 Npfs - ok
11:38:40.0598 2924 [ B785BC959F7B0514971A317CA86A2628 ] npusbio C:\Windows\system32\Drivers\npusbio_x64.sys
11:38:40.0628 2924 npusbio - ok
11:38:40.0648 2924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:38:40.0718 2924 nsi - ok
11:38:40.0728 2924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:38:40.0758 2924 nsiproxy - ok
11:38:40.0808 2924 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:38:40.0848 2924 Ntfs - ok
11:38:40.0918 2924 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
11:38:40.0928 2924 ntk_PowerDVD - ok
11:38:40.0948 2924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:38:41.0018 2924 Null - ok
11:38:41.0058 2924 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
11:38:41.0118 2924 nusb3hub - ok
11:38:41.0148 2924 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:38:41.0198 2924 nusb3xhc - ok
11:38:41.0388 2924 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:38:41.0498 2924 nvlddmkm - ok
11:38:41.0538 2924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:38:41.0548 2924 nvraid - ok
11:38:41.0568 2924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:38:41.0578 2924 nvstor - ok
11:38:41.0648 2924 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:38:41.0678 2924 nvsvc - ok
11:38:41.0738 2924 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:38:41.0768 2924 nvUpdatusService - ok
11:38:41.0798 2924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:38:41.0808 2924 nv_agp - ok
11:38:41.0838 2924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:38:41.0868 2924 ohci1394 - ok
11:38:41.0908 2924 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:38:41.0928 2924 ose - ok
11:38:42.0058 2924 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:38:42.0188 2924 osppsvc - ok
11:38:42.0218 2924 [ A29A80A1CF63D0DC27EEFCAF27D34664 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
11:38:42.0238 2924 ossrv - ok
11:38:42.0268 2924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:38:42.0298 2924 p2pimsvc - ok
11:38:42.0338 2924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:38:42.0378 2924 p2psvc - ok
11:38:42.0408 2924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:38:42.0428 2924 Parport - ok
11:38:42.0458 2924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:38:42.0468 2924 partmgr - ok
11:38:42.0488 2924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:38:42.0518 2924 PcaSvc - ok
11:38:42.0548 2924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:38:42.0568 2924 pci - ok
11:38:42.0578 2924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:38:42.0588 2924 pciide - ok
11:38:42.0608 2924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:38:42.0618 2924 pcmcia - ok
11:38:42.0638 2924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:38:42.0638 2924 pcw - ok
11:38:42.0668 2924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:38:42.0708 2924 PEAUTH - ok
11:38:42.0748 2924 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:38:42.0798 2924 PeerDistSvc - ok
11:38:42.0888 2924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:38:42.0918 2924 PerfHost - ok
11:38:42.0968 2924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:38:43.0048 2924 pla - ok
11:38:43.0098 2924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:38:43.0138 2924 PlugPlay - ok
11:38:43.0148 2924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:38:43.0168 2924 PNRPAutoReg - ok
11:38:43.0198 2924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:38:43.0218 2924 PNRPsvc - ok
11:38:43.0268 2924 [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
11:38:43.0278 2924 Point64 - ok
11:38:43.0308 2924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:38:43.0368 2924 PolicyAgent - ok
11:38:43.0408 2924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:38:43.0468 2924 Power - ok
11:38:43.0508 2924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:38:43.0558 2924 PptpMiniport - ok
11:38:43.0588 2924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:38:43.0618 2924 Processor - ok
11:38:43.0648 2924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:38:43.0688 2924 ProfSvc - ok
11:38:43.0718 2924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:38:43.0738 2924 ProtectedStorage - ok
11:38:43.0778 2924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:38:43.0818 2924 Psched - ok
11:38:43.0878 2924 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:38:43.0888 2924 PxHlpa64 - ok
11:38:43.0918 2924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:38:43.0958 2924 ql2300 - ok
11:38:43.0968 2924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:38:43.0978 2924 ql40xx - ok
11:38:44.0008 2924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:38:44.0038 2924 QWAVE - ok
11:38:44.0048 2924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:38:44.0078 2924 QWAVEdrv - ok
11:38:44.0088 2924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:38:44.0128 2924 RasAcd - ok
11:38:44.0168 2924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:38:44.0228 2924 RasAgileVpn - ok
11:38:44.0238 2924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:38:44.0268 2924 RasAuto - ok
11:38:44.0298 2924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:38:44.0328 2924 Rasl2tp - ok
11:38:44.0358 2924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:38:44.0388 2924 RasMan - ok
11:38:44.0418 2924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:38:44.0448 2924 RasPppoe - ok
11:38:44.0468 2924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:38:44.0498 2924 RasSstp - ok
11:38:44.0528 2924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:38:44.0558 2924 rdbss - ok
11:38:44.0558 2924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:38:44.0598 2924 rdpbus - ok
11:38:44.0618 2924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:38:44.0668 2924 RDPCDD - ok
11:38:44.0688 2924 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:38:44.0728 2924 RDPDR - ok
11:38:44.0738 2924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:38:44.0798 2924 RDPENCDD - ok
11:38:44.0818 2924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:38:44.0888 2924 RDPREFMP - ok
11:38:44.0938 2924 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:38:44.0978 2924 RdpVideoMiniport - ok
11:38:45.0008 2924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:38:45.0048 2924 RDPWD - ok
11:38:45.0078 2924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:38:45.0098 2924 rdyboost - ok
11:38:45.0128 2924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:38:45.0188 2924 RemoteAccess - ok
11:38:45.0208 2924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:38:45.0278 2924 RemoteRegistry - ok
11:38:45.0308 2924 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:38:45.0358 2924 RimUsb - ok
11:38:45.0388 2924 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:38:45.0428 2924 RimVSerPort - ok
11:38:45.0468 2924 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
11:38:45.0518 2924 ROOTMODEM - ok
11:38:45.0528 2924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:38:45.0568 2924 RpcEptMapper - ok
11:38:45.0588 2924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:38:45.0618 2924 RpcLocator - ok
11:38:45.0648 2924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:38:45.0698 2924 RpcSs - ok
11:38:45.0708 2924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:38:45.0758 2924 rspndr - ok
11:38:45.0818 2924 [ A1EBBF0EE62278F8392CB3899710E631 ] RTCore64 C:\Program Files (x86)\EVGA Precision X\RTCore64.sys
11:38:45.0828 2924 RTCore64 - ok
11:38:45.0858 2924 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:38:45.0898 2924 s3cap - ok
11:38:45.0938 2924 [ 45C0B193065219189772A038E6C29D49 ] SaiH0763 C:\Windows\system32\DRIVERS\SaiH0763.sys
11:38:45.0948 2924 SaiH0763 - ok
11:38:45.0978 2924 [ 231A3700154B1A49C2F05CB0DA4B2747 ] SaiH0BAC C:\Windows\system32\DRIVERS\SaiH0BAC.sys
11:38:45.0988 2924 SaiH0BAC - ok
11:38:46.0028 2924 [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
11:38:46.0048 2924 SaiMini - ok
11:38:46.0078 2924 [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
11:38:46.0088 2924 SaiNtBus - ok
11:38:46.0098 2924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:38:46.0098 2924 SamSs - ok
11:38:46.0128 2924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
11:38:46.0138 2924 sbp2port - ok
11:38:46.0168 2924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:38:46.0228 2924 SCardSvr - ok
11:38:46.0278 2924 [ 741B338D675FE20B779E7EFFA55032FE ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
11:38:46.0298 2924 SCDEmu - ok
11:38:46.0318 2924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:38:46.0358 2924 scfilter - ok
11:38:46.0398 2924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:38:46.0438 2924 Schedule - ok
11:38:46.0458 2924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:38:46.0488 2924 SCPolicySvc - ok
11:38:46.0508 2924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:38:46.0548 2924 SDRSVC - ok
11:38:46.0588 2924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:38:46.0638 2924 secdrv - ok
11:38:46.0668 2924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:38:46.0718 2924 seclogon - ok
11:38:46.0728 2924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:38:46.0768 2924 SENS - ok
11:38:46.0778 2924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:38:46.0818 2924 SensrSvc - ok
11:38:46.0838 2924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:38:46.0878 2924 Serenum - ok
11:38:46.0898 2924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:38:46.0928 2924 Serial - ok
11:38:46.0968 2924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:38:46.0998 2924 sermouse - ok
11:38:47.0058 2924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:38:47.0108 2924 SessionEnv - ok
11:38:47.0138 2924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:38:47.0178 2924 sffdisk - ok
11:38:47.0198 2924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:38:47.0218 2924 sffp_mmc - ok
11:38:47.0238 2924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:38:47.0268 2924 sffp_sd - ok
11:38:47.0278 2924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:38:47.0308 2924 sfloppy - ok
11:38:47.0348 2924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:38:47.0398 2924 ShellHWDetection - ok
11:38:47.0418 2924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:38:47.0428 2924 SiSRaid2 - ok
11:38:47.0438 2924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:38:47.0448 2924 SiSRaid4 - ok
11:38:47.0498 2924 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:38:47.0508 2924 SkypeUpdate - ok
11:38:47.0538 2924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:38:47.0588 2924 Smb - ok
11:38:47.0628 2924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:38:47.0638 2924 SNMPTRAP - ok
11:38:47.0658 2924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:38:47.0668 2924 spldr - ok
11:38:47.0678 2924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:38:47.0718 2924 Spooler - ok
11:38:47.0798 2924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:38:47.0908 2924 sppsvc - ok
11:38:47.0918 2924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:38:47.0958 2924 sppuinotify - ok
11:38:48.0028 2924 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
11:38:48.0048 2924 sptd - ok
11:38:48.0088 2924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:38:48.0138 2924 srv - ok
11:38:48.0178 2924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:38:48.0208 2924 srv2 - ok
11:38:48.0228 2924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:38:48.0258 2924 srvnet - ok
11:38:48.0288 2924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:38:48.0368 2924 SSDPSRV - ok
11:38:48.0378 2924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:38:48.0428 2924 SstpSvc - ok
11:38:48.0458 2924 Steam Client Service - ok
11:38:48.0548 2924 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:38:48.0558 2924 Stereo Service - ok
11:38:48.0588 2924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:38:48.0598 2924 stexstor - ok
11:38:48.0638 2924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:38:48.0728 2924 stisvc - ok
11:38:48.0798 2924 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
11:38:48.0808 2924 storflt - ok
11:38:48.0878 2924 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
11:38:48.0888 2924 storvsc - ok
11:38:48.0938 2924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:38:48.0938 2924 swenum - ok
11:38:49.0268 2924 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:38:49.0318 2924 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:38:49.0318 2924 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:38:49.0348 2924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:38:49.0408 2924 swprv - ok
11:38:49.0428 2924 Synth3dVsc - ok
11:38:49.0488 2924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:38:49.0528 2924 SysMain - ok
11:38:49.0558 2924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:38:49.0578 2924 TabletInputService - ok
11:38:49.0608 2924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:38:49.0668 2924 TapiSrv - ok
11:38:49.0698 2924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:38:49.0758 2924 TBS - ok
11:38:49.0798 2924 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:38:49.0828 2924 Tcpip - ok
11:38:49.0868 2924 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:38:49.0908 2924 TCPIP6 - ok
11:38:49.0938 2924 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:38:49.0958 2924 tcpipreg - ok
11:38:49.0988 2924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:38:50.0028 2924 TDPIPE - ok
11:38:50.0058 2924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:38:50.0088 2924 TDTCP - ok
11:38:50.0128 2924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:38:50.0168 2924 tdx - ok
11:38:50.0198 2924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:38:50.0208 2924 TermDD - ok
11:38:50.0368 2924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:38:50.0428 2924 TermService - ok
11:38:50.0448 2924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:38:50.0468 2924 Themes - ok
11:38:50.0498 2924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:38:50.0528 2924 THREADORDER - ok
11:38:50.0548 2924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:38:50.0598 2924 TrkWks - ok
11:38:50.0658 2924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:38:50.0708 2924 TrustedInstaller - ok
11:38:50.0728 2924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:38:50.0758 2924 tssecsrv - ok
11:38:50.0798 2924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:38:50.0848 2924 TsUsbFlt - ok
11:38:50.0848 2924 tsusbhub - ok
11:38:50.0898 2924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:38:50.0948 2924 tunnel - ok
11:38:50.0978 2924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:38:50.0998 2924 uagp35 - ok
11:38:51.0028 2924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:38:51.0078 2924 udfs - ok
11:38:51.0118 2924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:38:51.0148 2924 UI0Detect - ok
11:38:51.0178 2924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:38:51.0188 2924 uliagpkx - ok
11:38:51.0228 2924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
11:38:51.0258 2924 umbus - ok
11:38:51.0288 2924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:38:51.0308 2924 UmPass - ok
11:38:51.0338 2924 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
11:38:51.0378 2924 UmRdpService - ok
11:38:51.0478 2924 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:38:51.0558 2924 UNS - ok
11:38:51.0598 2924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:38:51.0638 2924 upnphost - ok
11:38:51.0688 2924 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:38:51.0719 2924 USBAAPL64 - ok
11:38:51.0759 2924 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:38:51.0779 2924 usbaudio - ok
11:38:51.0819 2924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:38:51.0859 2924 usbccgp - ok
11:38:51.0879 2924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:38:51.0899 2924 usbcir - ok
11:38:51.0939 2924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:38:51.0959 2924 usbehci - ok
11:38:51.0989 2924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:38:52.0009 2924 usbhub - ok
11:38:52.0029 2924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:38:52.0049 2924 usbohci - ok
11:38:52.0089 2924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:38:52.0119 2924 usbprint - ok
11:38:52.0139 2924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:38:52.0189 2924 USBSTOR - ok
11:38:52.0209 2924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:38:52.0239 2924 usbuhci - ok
11:38:52.0259 2924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:38:52.0319 2924 UxSms - ok
11:38:52.0329 2924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:38:52.0339 2924 VaultSvc - ok
11:38:52.0359 2924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:38:52.0359 2924 vdrvroot - ok
11:38:52.0399 2924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:38:52.0449 2924 vds - ok
11:38:52.0459 2924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:38:52.0479 2924 vga - ok
11:38:52.0499 2924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:38:52.0529 2924 VgaSave - ok
11:38:52.0539 2924 VGPU - ok
11:38:52.0569 2924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:38:52.0579 2924 vhdmp - ok
11:38:52.0609 2924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:38:52.0629 2924 viaide - ok
11:38:52.0659 2924 [ C69A784BEC737CD7460EBF3C3834D65E ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
11:38:52.0669 2924 vidsflt53 - ok
11:38:52.0699 2924 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
11:38:52.0720 2924 vmbus - ok
11:38:52.0750 2924 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
11:38:52.0770 2924 VMBusHID - ok
11:38:52.0800 2924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:38:52.0820 2924 volmgr - ok
11:38:52.0860 2924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:38:52.0880 2924 volmgrx - ok
11:38:52.0910 2924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:38:52.0930 2924 volsnap - ok
11:38:52.0960 2924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:38:52.0980 2924 vsmraid - ok
11:38:53.0040 2924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:38:53.0130 2924 VSS - ok
11:38:53.0220 2924 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
11:38:53.0250 2924 vToolbarUpdater14.2.0 - ok
11:38:53.0260 2924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:38:53.0280 2924 vwifibus - ok
11:38:53.0300 2924 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:38:53.0340 2924 vwififlt - ok
11:38:53.0380 2924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:38:53.0430 2924 W32Time - ok
11:38:53.0440 2924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:38:53.0460 2924 WacomPen - ok
11:38:53.0490 2924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:38:53.0540 2924 WANARP - ok
11:38:53.0550 2924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:38:53.0580 2924 Wanarpv6 - ok
11:38:53.0640 2924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:38:53.0670 2924 WatAdminSvc - ok
11:38:53.0710 2924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:38:53.0770 2924 wbengine - ok
11:38:53.0780 2924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:38:53.0810 2924 WbioSrvc - ok
11:38:53.0830 2924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:38:53.0860 2924 wcncsvc - ok
11:38:53.0880 2924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:38:53.0930 2924 WcsPlugInService - ok
11:38:53.0940 2924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:38:53.0950 2924 Wd - ok
11:38:53.0990 2924 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:38:54.0020 2924 Wdf01000 - ok
11:38:54.0030 2924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:38:54.0100 2924 WdiServiceHost - ok
11:38:54.0100 2924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:38:54.0120 2924 WdiSystemHost - ok
11:38:54.0160 2924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:38:54.0190 2924 WebClient - ok
11:38:54.0210 2924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:38:54.0270 2924 Wecsvc - ok
11:38:54.0280 2924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:38:54.0320 2924 wercplsupport - ok
11:38:54.0340 2924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:38:54.0390 2924 WerSvc - ok
11:38:54.0410 2924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:38:54.0440 2924 WfpLwf - ok
11:38:54.0460 2924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:38:54.0460 2924 WIMMount - ok
11:38:54.0470 2924 WinHttpAutoProxySvc - ok
11:38:54.0530 2924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:38:54.0580 2924 Winmgmt - ok
11:38:54.0630 2924 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:38:54.0700 2924 WinRM - ok
11:38:54.0770 2924 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:38:54.0780 2924 WinUsb - ok
11:38:54.0820 2924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:38:54.0860 2924 Wlansvc - ok
11:38:54.0970 2924 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:38:55.0040 2924 wlidsvc - ok
11:38:55.0070 2924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:38:55.0100 2924 WmiAcpi - ok
11:38:55.0130 2924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:38:55.0150 2924 wmiApSrv - ok
11:38:55.0200 2924 WMPNetworkSvc - ok
11:38:55.0230 2924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:38:55.0260 2924 WPCSvc - ok
11:38:55.0290 2924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:38:55.0310 2924 WPDBusEnum - ok
11:38:55.0340 2924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:38:55.0390 2924 ws2ifsl - ok
11:38:55.0390 2924 WSearch - ok
11:38:55.0460 2924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:38:55.0540 2924 wuauserv - ok
11:38:55.0570 2924 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:38:55.0600 2924 WudfPf - ok
11:38:55.0620 2924 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:38:55.0660 2924 WUDFRd - ok
11:38:55.0690 2924 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:38:55.0720 2924 wudfsvc - ok
11:38:55.0740 2924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:38:55.0770 2924 WwanSvc - ok
11:38:55.0810 2924 [ E793283BDEC1AF93E00CA71767B9934C ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
11:38:55.0830 2924 yukonw7 - ok
11:38:55.0850 2924 ================ Scan global ===============================
11:38:55.0890 2924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:38:55.0910 2924 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:38:55.0920 2924 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:38:55.0960 2924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:38:55.0990 2924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:38:56.0000 2924 [Global] - ok
11:38:56.0000 2924 ================ Scan MBR ==================================
11:38:56.0010 2924 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
11:38:56.0260 2924 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
11:38:56.0260 2924 \Device\Harddisk2\DR2 - detected TDSS File System (1)
11:38:56.0280 2924 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
11:38:56.0350 2924 \Device\Harddisk3\DR3 - ok
11:38:56.0350 2924 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:38:56.0420 2924 \Device\Harddisk0\DR0 - ok
11:38:56.0420 2924 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:38:56.0490 2924 \Device\Harddisk1\DR1 - ok
11:38:56.0490 2924 ================ Scan VBR ==================================
11:38:56.0490 2924 [ 8BCA520A9BF160479FA2C1DE7F6104CF ] \Device\Harddisk2\DR2\Partition1
11:38:56.0490 2924 \Device\Harddisk2\DR2\Partition1 - ok
11:38:56.0520 2924 [ FE55A0AFB0BD9CE5780E77782ED5CFF6 ] \Device\Harddisk3\DR3\Partition1
11:38:56.0520 2924 \Device\Harddisk3\DR3\Partition1 - ok
11:38:56.0520 2924 [ CCBEC61F34F269C3021953164873472C ] \Device\Harddisk0\DR0\Partition1
11:38:56.0520 2924 \Device\Harddisk0\DR0\Partition1 - ok
11:38:56.0530 2924 [ 1011C0FAAC776AC971E171EDA393E663 ] \Device\Harddisk1\DR1\Partition1
11:38:56.0530 2924 \Device\Harddisk1\DR1\Partition1 - ok
11:38:56.0530 2924 ============================================================
11:38:56.0530 2924 Scan finished
11:38:56.0530 2924 ============================================================
11:38:56.0540 4324 Detected object count: 7
11:38:56.0540 4324 Actual detected object count: 7
11:39:40.0584 4324 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:40.0584 4324 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:40.0584 4324 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:40.0584 4324 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:40.0584 4324 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:40.0584 4324 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:40.0584 4324 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:40.0584 4324 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:40.0584 4324 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:40.0584 4324 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:40.0584 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:40.0594 4324 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:40.0594 4324 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
11:39:40.0594 4324 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
11:40:20.0488 4232 Deinitialize success


3. The FSS.txt log

Farbar Service Scanner Version: 03-03-2013
Ran by Marcus (administrator) on 19-03-2013 at 11:41:43
Running from "C:\Users\Marcus\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#10
godawgs
Posted 19 March 2013 - 01:31 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Marcus,

You have remnants of a TDSS rootkit. And a bunch of service Registry keys missing.


:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.

If you want to continue, we will clear the TDSS file system and then scan for residual malware. Then we will work on the Registry keys that are missing. First we will create a system restore point.
After this round let me know how the system is running. There is a good amount of things to do so take your time and if you have any questions stop and ask me. :thumbsup:


Step-1

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advance System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Before TDSS delete
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel

Step-2.

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings
  • On the Threats Detected screen, look for the following entry:
    \Device\Harddisk2\DR2 ( TDSS File System )
  • Change the action from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

    Posted Image
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step-3.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV:64bit: - [2012/07/17 18:48:59 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
File not found (No name found) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\17S8W51E.DEFAULT\EXTENSIONS\[email protected]
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2454372500-3351072776-1793313849-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/03/01 10:57:08 | 000,272,896 | ---- | C] () -- C:\Windows\mvalkdj.dll

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


NOTE: Before completing Steps 4 and 5 I want you to disable any screen saver you might have running.

Step-4.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer.

Right click the MalwareBytes icon and click Run As Administrator, then click the Continue button on the UAC window.). You will now be at the main program as shown below.

Posted Image

  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected.<---Very Improtant
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-5.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-6.

Run OTL again and click the Posted Image button. Post the Extras.txtlog it produces in your next reply.


Step-7

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
2. The OTL fixes log
3. The MalwareBytes log
4. The ESET scan log (IF it found anything). IF it didn't just let me know.
5. The new OTL.txt log
  • 0

Advertisements

#11
Marcusmmc23
Posted 19 March 2013 - 01:49 PM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I figured this was the case and a re-install would be required. I would like to try to repair what is broken before we get to that point if you are still willing to help, however I understand that there is a possibility of not being able to. I will continue with the steps you have suggested and will report back when able. Thank you.
  • 0

#12
godawgs
Posted 19 March 2013 - 10:24 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Understood
  • 0

#13
Marcusmmc23
Posted 20 March 2013 - 07:24 PM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
1. The TDSSKiller log

13:49:51.0613 3952 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:49:52.0793 3952 ============================================================
13:49:52.0793 3952 Current date / time: 2013/03/19 13:49:52.0793
13:49:52.0793 3952 SystemInfo:
13:49:52.0793 3952
13:49:52.0793 3952 OS Version: 6.1.7601 ServicePack: 1.0
13:49:52.0793 3952 Product type: Workstation
13:49:52.0793 3952 ComputerName: MARCUS-CUSTOM
13:49:52.0793 3952 UserName: Marcus
13:49:52.0793 3952 Windows directory: C:\Windows
13:49:52.0793 3952 System windows directory: C:\Windows
13:49:52.0793 3952 Running under WOW64
13:49:52.0793 3952 Processor architecture: Intel x64
13:49:52.0793 3952 Number of processors: 4
13:49:52.0793 3952 Page size: 0x1000
13:49:52.0793 3952 Boot type: Normal boot
13:49:52.0793 3952 ============================================================
13:49:53.0904 3952 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:49:53.0924 3952 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:49:53.0924 3952 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:49:53.0924 3952 Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:49:53.0934 3952 ============================================================
13:49:53.0934 3952 \Device\Harddisk2\DR2:
13:49:53.0934 3952 MBR partitions:
13:49:53.0934 3952 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
13:49:53.0934 3952 \Device\Harddisk3\DR3:
13:49:53.0934 3952 MBR partitions:
13:49:53.0934 3952 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:49:53.0934 3952 \Device\Harddisk0\DR0:
13:49:53.0934 3952 MBR partitions:
13:49:53.0934 3952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1A8800
13:49:53.0934 3952 \Device\Harddisk1\DR1:
13:49:53.0934 3952 MBR partitions:
13:49:53.0934 3952 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1A8000
13:49:53.0934 3952 ============================================================
13:49:53.0944 3952 C: <-> \Device\Harddisk2\DR2\Partition1
13:49:53.0954 3952 D: <-> \Device\Harddisk3\DR3\Partition1
13:49:53.0984 3952 E: <-> \Device\Harddisk0\DR0\Partition1
13:49:54.0034 3952 F: <-> \Device\Harddisk1\DR1\Partition1
13:49:54.0034 3952 ============================================================
13:49:54.0034 3952 Initialize success
13:49:54.0034 3952 ============================================================
13:50:11.0865 5152 ============================================================
13:50:11.0865 5152 Scan started
13:50:11.0865 5152 Mode: Manual; SigCheck; TDLFS;
13:50:11.0865 5152 ============================================================
13:50:12.0545 5152 ================ Scan system memory ========================
13:50:12.0545 5152 System memory - ok
13:50:12.0545 5152 ================ Scan services =============================
13:50:12.0695 5152 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:50:12.0755 5152 1394ohci - ok
13:50:12.0785 5152 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
13:50:12.0805 5152 61883 - ok
13:50:12.0845 5152 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:50:12.0865 5152 ACPI - ok
13:50:12.0885 5152 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:50:12.0895 5152 AcpiPmi - ok
13:50:12.0945 5152 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:50:12.0965 5152 adp94xx - ok
13:50:12.0975 5152 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:50:12.0985 5152 adpahci - ok
13:50:12.0995 5152 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:50:13.0005 5152 adpu320 - ok
13:50:13.0025 5152 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:50:13.0055 5152 AeLookupSvc - ok
13:50:13.0085 5152 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:50:13.0115 5152 AFD - ok
13:50:13.0145 5152 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:50:13.0155 5152 agp440 - ok
13:50:13.0175 5152 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:50:13.0195 5152 ALG - ok
13:50:13.0205 5152 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:50:13.0215 5152 aliide - ok
13:50:13.0225 5152 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:50:13.0235 5152 amdide - ok
13:50:13.0255 5152 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:50:13.0265 5152 AmdK8 - ok
13:50:13.0275 5152 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:50:13.0285 5152 AmdPPM - ok
13:50:13.0325 5152 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:50:13.0345 5152 amdsata - ok
13:50:13.0355 5152 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:50:13.0365 5152 amdsbs - ok
13:50:13.0375 5152 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:50:13.0385 5152 amdxata - ok
13:50:13.0415 5152 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:50:13.0445 5152 AppID - ok
13:50:13.0445 5152 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:50:13.0475 5152 AppIDSvc - ok
13:50:13.0505 5152 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:50:13.0535 5152 Appinfo - ok
13:50:13.0645 5152 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:50:13.0665 5152 Apple Mobile Device - ok
13:50:13.0705 5152 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
13:50:13.0715 5152 AppMgmt - ok
13:50:13.0735 5152 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:50:13.0745 5152 arc - ok
13:50:13.0755 5152 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:50:13.0765 5152 arcsas - ok
13:50:13.0875 5152 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:50:13.0895 5152 aspnet_state - ok
13:50:13.0915 5152 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:50:13.0955 5152 AsyncMac - ok
13:50:13.0985 5152 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:50:13.0995 5152 atapi - ok
13:50:14.0035 5152 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:50:14.0075 5152 AudioEndpointBuilder - ok
13:50:14.0095 5152 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:50:14.0125 5152 AudioSrv - ok
13:50:14.0145 5152 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
13:50:14.0155 5152 Avc - ok
13:50:14.0195 5152 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:50:14.0205 5152 Avgfwfd - ok
13:50:14.0295 5152 [ 6C469E3CB15CF33AD3E757096E6C7026 ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
13:50:14.0335 5152 avgfws - ok
13:50:14.0435 5152 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
13:50:14.0485 5152 AVGIDSAgent - ok
13:50:14.0505 5152 [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:50:14.0505 5152 AVGIDSDriver - ok
13:50:14.0525 5152 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
13:50:14.0525 5152 AVGIDSFilter - ok
13:50:14.0545 5152 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
13:50:14.0555 5152 AVGIDSHA - ok
13:50:14.0575 5152 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
13:50:14.0575 5152 Avgldx64 - ok
13:50:14.0585 5152 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
13:50:14.0595 5152 Avgmfx64 - ok
13:50:14.0615 5152 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
13:50:14.0625 5152 Avgrkx64 - ok
13:50:14.0635 5152 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
13:50:14.0645 5152 Avgtdia - ok
13:50:14.0685 5152 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
13:50:14.0695 5152 avgtp - ok
13:50:14.0715 5152 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:50:14.0725 5152 avgwd - ok
13:50:14.0755 5152 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:50:14.0785 5152 AxInstSV - ok
13:50:14.0815 5152 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:50:14.0825 5152 b06bdrv - ok
13:50:14.0875 5152 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:50:14.0885 5152 b57nd60a - ok
13:50:14.0935 5152 [ 44E6E51AEDBF3E0B38A6CD5432649E57 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
13:50:14.0965 5152 BCMH43XX - ok
13:50:15.0005 5152 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:50:15.0015 5152 BDESVC - ok
13:50:15.0025 5152 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:50:15.0055 5152 Beep - ok
13:50:15.0135 5152 [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
13:50:15.0155 5152 BingDesktopUpdate - ok
13:50:15.0195 5152 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:50:15.0245 5152 BITS - ok
13:50:15.0275 5152 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:50:15.0285 5152 blbdrive - ok
13:50:15.0375 5152 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:50:15.0395 5152 Bonjour Service - ok
13:50:15.0425 5152 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:50:15.0445 5152 bowser - ok
13:50:15.0445 5152 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:50:15.0465 5152 BrFiltLo - ok
13:50:15.0475 5152 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:50:15.0485 5152 BrFiltUp - ok
13:50:15.0505 5152 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:50:15.0525 5152 Browser - ok
13:50:15.0545 5152 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:50:15.0555 5152 Brserid - ok
13:50:15.0565 5152 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:50:15.0575 5152 BrSerWdm - ok
13:50:15.0585 5152 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:50:15.0595 5152 BrUsbMdm - ok
13:50:15.0605 5152 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:50:15.0615 5152 BrUsbSer - ok
13:50:15.0625 5152 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:50:15.0635 5152 BTHMODEM - ok
13:50:15.0665 5152 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:50:15.0685 5152 bthserv - ok
13:50:15.0715 5152 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:50:15.0735 5152 cdfs - ok
13:50:15.0765 5152 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:50:15.0775 5152 cdrom - ok
13:50:15.0815 5152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:50:15.0845 5152 CertPropSvc - ok
13:50:15.0865 5152 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:50:15.0875 5152 circlass - ok
13:50:15.0895 5152 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:50:15.0915 5152 CLFS - ok
13:50:16.0015 5152 [ 4AA6694FB767BBFF6A8EF080806447BD ] CLHNServiceForPowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
13:50:16.0025 5152 CLHNServiceForPowerDVD - ok
13:50:16.0075 5152 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:50:16.0085 5152 clr_optimization_v2.0.50727_32 - ok
13:50:16.0145 5152 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:50:16.0165 5152 clr_optimization_v2.0.50727_64 - ok
13:50:16.0235 5152 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:50:16.0255 5152 clr_optimization_v4.0.30319_32 - ok
13:50:16.0265 5152 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:50:16.0275 5152 clr_optimization_v4.0.30319_64 - ok
13:50:16.0295 5152 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:50:16.0305 5152 CmBatt - ok
13:50:16.0335 5152 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:50:16.0345 5152 cmdide - ok
13:50:16.0385 5152 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
13:50:16.0415 5152 CNG - ok
13:50:16.0425 5152 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:50:16.0425 5152 Compbatt - ok
13:50:16.0465 5152 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:50:16.0475 5152 CompositeBus - ok
13:50:16.0485 5152 COMSysApp - ok
13:50:16.0525 5152 [ CCB09EB78E047C931708149992C2E435 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
13:50:16.0535 5152 cpuz135 - ok
13:50:16.0565 5152 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:50:16.0575 5152 crcdisk - ok
13:50:16.0615 5152 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
13:50:16.0625 5152 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:50:16.0625 5152 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:50:16.0645 5152 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:50:16.0655 5152 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:50:16.0655 5152 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:50:16.0685 5152 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:50:16.0705 5152 CryptSvc - ok
13:50:16.0745 5152 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
13:50:16.0765 5152 CSC - ok
13:50:16.0805 5152 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
13:50:16.0825 5152 CscService - ok
13:50:16.0855 5152 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
13:50:16.0865 5152 CT20XUT - ok
13:50:16.0895 5152 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
13:50:16.0905 5152 CT20XUT.SYS - ok
13:50:16.0945 5152 [ 397FBD4454E5B2FB77E55D1013DF548C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
13:50:16.0965 5152 ctac32k - ok
13:50:16.0985 5152 [ 50A8CD4DF066FE57D0C473A2645988CC ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
13:50:17.0005 5152 ctaud2k - ok
13:50:17.0075 5152 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
13:50:17.0085 5152 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
13:50:17.0085 5152 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
13:50:17.0115 5152 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
13:50:17.0135 5152 CTEXFIFX - ok
13:50:17.0165 5152 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
13:50:17.0185 5152 CTEXFIFX.SYS - ok
13:50:17.0185 5152 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
13:50:17.0196 5152 CTHWIUT - ok
13:50:17.0196 5152 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
13:50:17.0196 5152 CTHWIUT.SYS - ok
13:50:17.0216 5152 [ 757776E207CA5E71E4A16BD1260AE1F2 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
13:50:17.0216 5152 ctprxy2k - ok
13:50:17.0226 5152 [ 9B111EE2F488A8D9C21A13ED4C777795 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
13:50:17.0236 5152 ctsfm2k - ok
13:50:17.0286 5152 [ D3484412EAE43685E3AD304C9979F30E ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
13:50:17.0296 5152 CyberLink PowerDVD 11.0 Monitor Service - ok
13:50:17.0336 5152 [ 4B0F03AF88FF89441EF57175849C3961 ] CyberLink PowerDVD 11.0 Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
13:50:17.0346 5152 CyberLink PowerDVD 11.0 Service - ok
13:50:17.0396 5152 [ BA25D4B9B067248F7CAC416E855D706B ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:50:17.0406 5152 dc3d - ok
13:50:17.0466 5152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:50:17.0506 5152 DcomLaunch - ok
13:50:17.0546 5152 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:50:17.0566 5152 defragsvc - ok
13:50:17.0596 5152 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:50:17.0616 5152 DfsC - ok
13:50:17.0656 5152 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:50:17.0666 5152 Dhcp - ok
13:50:17.0696 5152 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:50:17.0716 5152 discache - ok
13:50:17.0736 5152 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:50:17.0746 5152 Disk - ok
13:50:17.0776 5152 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:50:17.0786 5152 Dnscache - ok
13:50:17.0806 5152 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:50:17.0826 5152 dot3svc - ok
13:50:17.0856 5152 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:50:17.0876 5152 DPS - ok
13:50:17.0926 5152 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:50:17.0946 5152 drmkaud - ok
13:50:17.0996 5152 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:50:18.0026 5152 DXGKrnl - ok
13:50:18.0076 5152 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:50:18.0116 5152 EapHost - ok
13:50:18.0176 5152 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:50:18.0206 5152 ebdrv - ok
13:50:18.0236 5152 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:50:18.0256 5152 EFS - ok
13:50:18.0297 5152 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:50:18.0317 5152 ehRecvr - ok
13:50:18.0357 5152 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:50:18.0357 5152 ehSched - ok
13:50:18.0377 5152 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:50:18.0387 5152 elxstor - ok
13:50:18.0417 5152 [ 683DCAF0D4EFC3F95A32E8924849202D ] emupia C:\Windows\system32\drivers\emupia2k.sys
13:50:18.0417 5152 emupia - ok
13:50:18.0427 5152 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:50:18.0437 5152 ErrDev - ok
13:50:18.0457 5152 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:50:18.0477 5152 EventSystem - ok
13:50:18.0497 5152 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:50:18.0527 5152 exfat - ok
13:50:18.0537 5152 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:50:18.0557 5152 fastfat - ok
13:50:18.0607 5152 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:50:18.0627 5152 Fax - ok
13:50:18.0637 5152 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:50:18.0647 5152 fdc - ok
13:50:18.0657 5152 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:50:18.0687 5152 fdPHost - ok
13:50:18.0687 5152 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:50:18.0707 5152 FDResPub - ok
13:50:18.0717 5152 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:50:18.0717 5152 FileInfo - ok
13:50:18.0727 5152 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:50:18.0747 5152 Filetrace - ok
13:50:18.0807 5152 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:50:18.0827 5152 FLEXnet Licensing Service - ok
13:50:18.0847 5152 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:50:18.0847 5152 flpydisk - ok
13:50:18.0887 5152 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:50:18.0897 5152 FltMgr - ok
13:50:18.0937 5152 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:50:18.0957 5152 FontCache - ok
13:50:19.0017 5152 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:50:19.0027 5152 FontCache3.0.0.0 - ok
13:50:19.0037 5152 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:50:19.0057 5152 FsDepends - ok
13:50:19.0087 5152 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:50:19.0097 5152 Fs_Rec - ok
13:50:19.0137 5152 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:50:19.0157 5152 fvevol - ok
13:50:19.0177 5152 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:50:19.0187 5152 gagp30kx - ok
13:50:19.0207 5152 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:50:19.0217 5152 GEARAspiWDM - ok
13:50:19.0257 5152 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:50:19.0287 5152 gpsvc - ok
13:50:19.0357 5152 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:50:19.0377 5152 gupdate - ok
13:50:19.0387 5152 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:50:19.0397 5152 gupdatem - ok
13:50:19.0457 5152 [ 076F366B87575ADC7D152C7A34ACB3DC ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
13:50:19.0487 5152 ha20x22k - ok
13:50:19.0527 5152 [ 4A7533EB52DC9D1847E7F78DEE1CE322 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
13:50:19.0547 5152 ha20x2k - ok
13:50:19.0567 5152 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:50:19.0577 5152 hcw85cir - ok
13:50:19.0617 5152 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:50:19.0647 5152 HdAudAddService - ok
13:50:19.0677 5152 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:50:19.0697 5152 HDAudBus - ok
13:50:19.0707 5152 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:50:19.0717 5152 HidBatt - ok
13:50:19.0737 5152 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:50:19.0747 5152 HidBth - ok
13:50:19.0787 5152 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:50:19.0797 5152 HidIr - ok
13:50:19.0827 5152 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:50:19.0867 5152 hidserv - ok
13:50:19.0917 5152 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:50:19.0927 5152 HidUsb - ok
13:50:19.0957 5152 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:50:19.0997 5152 hkmsvc - ok
13:50:20.0017 5152 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:50:20.0027 5152 HomeGroupListener - ok
13:50:20.0057 5152 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:50:20.0067 5152 HomeGroupProvider - ok
13:50:20.0077 5152 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:50:20.0087 5152 HpSAMD - ok
13:50:20.0127 5152 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:50:20.0157 5152 HTTP - ok
13:50:20.0177 5152 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:50:20.0177 5152 hwpolicy - ok
13:50:20.0207 5152 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:50:20.0217 5152 i8042prt - ok
13:50:20.0257 5152 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:50:20.0277 5152 iaStorV - ok
13:50:20.0357 5152 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:50:20.0367 5152 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:50:20.0367 5152 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:50:20.0407 5152 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:50:20.0437 5152 idsvc - ok
13:50:20.0467 5152 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:50:20.0477 5152 iirsp - ok
13:50:20.0517 5152 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:50:20.0557 5152 IKEEXT - ok
13:50:20.0667 5152 [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:50:20.0717 5152 IntcAzAudAddService - ok
13:50:20.0727 5152 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:50:20.0737 5152 intelide - ok
13:50:20.0747 5152 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:50:20.0757 5152 intelppm - ok
13:50:20.0777 5152 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:50:20.0807 5152 IPBusEnum - ok
13:50:20.0837 5152 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:50:20.0857 5152 IpFilterDriver - ok
13:50:20.0927 5152 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:50:20.0947 5152 IPMIDRV - ok
13:50:20.0957 5152 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:50:20.0987 5152 IPNAT - ok
13:50:21.0027 5152 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:50:21.0057 5152 iPod Service - ok
13:50:21.0067 5152 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:50:21.0077 5152 IRENUM - ok
13:50:21.0117 5152 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:50:21.0127 5152 isapnp - ok
13:50:21.0157 5152 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:50:21.0177 5152 iScsiPrt - ok
13:50:21.0217 5152 [ BACBC6BF74BE30CB98DB29AF1FA0EE3C ] Just Flight Limited License Service C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
13:50:21.0227 5152 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - warning
13:50:21.0227 5152 Just Flight Limited License Service - detected UnsignedFile.Multi.Generic (1)
13:50:21.0267 5152 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:50:21.0277 5152 kbdclass - ok
13:50:21.0287 5152 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:50:21.0307 5152 kbdhid - ok
13:50:21.0317 5152 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:50:21.0327 5152 KeyIso - ok
13:50:21.0337 5152 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:50:21.0347 5152 KSecDD - ok
13:50:21.0367 5152 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:50:21.0377 5152 KSecPkg - ok
13:50:21.0387 5152 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:50:21.0417 5152 ksthunk - ok
13:50:21.0457 5152 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:50:21.0497 5152 KtmRm - ok
13:50:21.0537 5152 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:50:21.0567 5152 LanmanServer - ok
13:50:21.0597 5152 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:50:21.0617 5152 LanmanWorkstation - ok
13:50:21.0637 5152 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:50:21.0667 5152 lltdio - ok
13:50:21.0697 5152 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:50:21.0737 5152 lltdsvc - ok
13:50:21.0747 5152 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:50:21.0777 5152 lmhosts - ok
13:50:21.0827 5152 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:50:21.0847 5152 LMS - ok
13:50:21.0867 5152 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:50:21.0877 5152 LSI_FC - ok
13:50:21.0897 5152 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:50:21.0907 5152 LSI_SAS - ok
13:50:21.0917 5152 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:50:21.0927 5152 LSI_SAS2 - ok
13:50:21.0947 5152 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:50:21.0957 5152 LSI_SCSI - ok
13:50:21.0967 5152 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:50:21.0997 5152 luafv - ok
13:50:22.0037 5152 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
13:50:22.0047 5152 LVRS64 - ok
13:50:22.0167 5152 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
13:50:22.0237 5152 LVUVC64 - ok
13:50:22.0267 5152 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:50:22.0287 5152 Mcx2Svc - ok
13:50:22.0287 5152 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:50:22.0297 5152 megasas - ok
13:50:22.0307 5152 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:50:22.0317 5152 MegaSR - ok
13:50:22.0357 5152 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:50:22.0367 5152 MEIx64 - ok
13:50:22.0397 5152 [ 8D0E52F36A153D099DE7D5A1E233FAC7 ] mf C:\Windows\system32\DRIVERS\mf.sys
13:50:22.0417 5152 mf - ok
13:50:22.0457 5152 Microsoft SharePoint Workspace Audit Service - ok
13:50:22.0477 5152 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:50:22.0517 5152 MMCSS - ok
13:50:22.0527 5152 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:50:22.0547 5152 Modem - ok
13:50:22.0577 5152 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:50:22.0587 5152 monitor - ok
13:50:22.0637 5152 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:50:22.0647 5152 mouclass - ok
13:50:22.0667 5152 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:50:22.0677 5152 mouhid - ok
13:50:22.0707 5152 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:50:22.0727 5152 mountmgr - ok
13:50:22.0787 5152 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:50:22.0797 5152 MozillaMaintenance - ok
13:50:22.0827 5152 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:50:22.0837 5152 mpio - ok
13:50:22.0867 5152 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:50:22.0907 5152 mpsdrv - ok
13:50:22.0937 5152 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:50:22.0947 5152 MRxDAV - ok
13:50:22.0977 5152 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:50:22.0997 5152 mrxsmb - ok
13:50:23.0007 5152 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:50:23.0017 5152 mrxsmb10 - ok
13:50:23.0057 5152 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:50:23.0067 5152 mrxsmb20 - ok
13:50:23.0087 5152 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:50:23.0097 5152 msahci - ok
13:50:23.0137 5152 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:50:23.0147 5152 msdsm - ok
13:50:23.0167 5152 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:50:23.0177 5152 MSDTC - ok
13:50:23.0207 5152 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
13:50:23.0217 5152 MSDV - ok
13:50:23.0217 5152 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:50:23.0257 5152 Msfs - ok
13:50:23.0277 5152 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:50:23.0317 5152 mshidkmdf - ok
13:50:23.0337 5152 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:50:23.0347 5152 msisadrv - ok
13:50:23.0377 5152 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:50:23.0397 5152 MSiSCSI - ok
13:50:23.0407 5152 msiserver - ok
13:50:23.0427 5152 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:50:23.0447 5152 MSKSSRV - ok
13:50:23.0457 5152 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:50:23.0477 5152 MSPCLOCK - ok
13:50:23.0477 5152 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:50:23.0497 5152 MSPQM - ok
13:50:23.0527 5152 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:50:23.0537 5152 MsRPC - ok
13:50:23.0537 5152 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:50:23.0547 5152 mssmbios - ok
13:50:23.0557 5152 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:50:23.0577 5152 MSTEE - ok
13:50:23.0587 5152 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:50:23.0597 5152 MTConfig - ok
13:50:23.0607 5152 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:50:23.0617 5152 Mup - ok
13:50:23.0637 5152 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:50:23.0677 5152 napagent - ok
13:50:23.0717 5152 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:50:23.0727 5152 NativeWifiP - ok
13:50:23.0817 5152 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
13:50:23.0837 5152 NBService - ok
13:50:23.0897 5152 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:50:23.0927 5152 NDIS - ok
13:50:23.0937 5152 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:50:23.0967 5152 NdisCap - ok
13:50:23.0987 5152 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:50:24.0007 5152 NdisTapi - ok
13:50:24.0027 5152 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:50:24.0057 5152 Ndisuio - ok
13:50:24.0087 5152 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:50:24.0127 5152 NdisWan - ok
13:50:24.0167 5152 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:50:24.0207 5152 NDProxy - ok
13:50:24.0217 5152 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:50:24.0237 5152 NetBIOS - ok
13:50:24.0267 5152 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:50:24.0308 5152 NetBT - ok
13:50:24.0318 5152 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:50:24.0328 5152 Netlogon - ok
13:50:24.0358 5152 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:50:24.0398 5152 Netman - ok
13:50:24.0428 5152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0438 5152 NetMsmqActivator - ok
13:50:24.0438 5152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0438 5152 NetPipeActivator - ok
13:50:24.0458 5152 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:50:24.0488 5152 netprofm - ok
13:50:24.0488 5152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0498 5152 NetTcpActivator - ok
13:50:24.0498 5152 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:50:24.0508 5152 NetTcpPortSharing - ok
13:50:24.0518 5152 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:50:24.0528 5152 nfrd960 - ok
13:50:24.0558 5152 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:50:24.0568 5152 NlaSvc - ok
13:50:24.0638 5152 [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
13:50:24.0648 5152 NMIndexingService - ok
13:50:24.0678 5152 [ 2F48AB72B6D554A41817020171DC53D6 ] NmPar C:\Windows\system32\DRIVERS\NmPar.sys
13:50:24.0688 5152 NmPar - ok
13:50:24.0718 5152 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
13:50:24.0728 5152 NPF - ok
13:50:24.0738 5152 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:50:24.0768 5152 Npfs - ok
13:50:24.0798 5152 [ B785BC959F7B0514971A317CA86A2628 ] npusbio C:\Windows\system32\Drivers\npusbio_x64.sys
13:50:24.0808 5152 npusbio - ok
13:50:24.0828 5152 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:50:24.0858 5152 nsi - ok
13:50:24.0878 5152 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:50:24.0908 5152 nsiproxy - ok
13:50:24.0958 5152 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:50:24.0978 5152 Ntfs - ok
13:50:25.0048 5152 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
13:50:25.0058 5152 ntk_PowerDVD - ok
13:50:25.0068 5152 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:50:25.0108 5152 Null - ok
13:50:25.0138 5152 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:50:25.0138 5152 nusb3hub - ok
13:50:25.0168 5152 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:50:25.0178 5152 nusb3xhc - ok
13:50:25.0368 5152 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:50:25.0488 5152 nvlddmkm - ok
13:50:25.0518 5152 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:50:25.0518 5152 nvraid - ok
13:50:25.0558 5152 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:50:25.0558 5152 nvstor - ok
13:50:25.0638 5152 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:50:25.0658 5152 nvsvc - ok
13:50:25.0728 5152 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:50:25.0758 5152 nvUpdatusService - ok
13:50:25.0788 5152 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:50:25.0788 5152 nv_agp - ok
13:50:25.0818 5152 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:50:25.0828 5152 ohci1394 - ok
13:50:25.0868 5152 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:50:25.0878 5152 ose - ok
13:50:26.0008 5152 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:50:26.0068 5152 osppsvc - ok
13:50:26.0088 5152 [ A29A80A1CF63D0DC27EEFCAF27D34664 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
13:50:26.0098 5152 ossrv - ok
13:50:26.0128 5152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:50:26.0138 5152 p2pimsvc - ok
13:50:26.0168 5152 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:50:26.0178 5152 p2psvc - ok
13:50:26.0198 5152 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:50:26.0208 5152 Parport - ok
13:50:26.0238 5152 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:50:26.0248 5152 partmgr - ok
13:50:26.0258 5152 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:50:26.0278 5152 PcaSvc - ok
13:50:26.0308 5152 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:50:26.0328 5152 pci - ok
13:50:26.0338 5152 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:50:26.0348 5152 pciide - ok
13:50:26.0368 5152 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:50:26.0388 5152 pcmcia - ok
13:50:26.0398 5152 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:50:26.0408 5152 pcw - ok
13:50:26.0428 5152 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:50:26.0468 5152 PEAUTH - ok
13:50:26.0508 5152 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:50:26.0528 5152 PeerDistSvc - ok
13:50:26.0628 5152 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:50:26.0638 5152 PerfHost - ok
13:50:26.0688 5152 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:50:26.0728 5152 pla - ok
13:50:26.0768 5152 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:50:26.0788 5152 PlugPlay - ok
13:50:26.0798 5152 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:50:26.0808 5152 PNRPAutoReg - ok
13:50:26.0828 5152 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:50:26.0838 5152 PNRPsvc - ok
13:50:26.0888 5152 [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:50:26.0898 5152 Point64 - ok
13:50:26.0928 5152 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:50:26.0978 5152 PolicyAgent - ok
13:50:27.0008 5152 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:50:27.0048 5152 Power - ok
13:50:27.0078 5152 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:50:27.0098 5152 PptpMiniport - ok
13:50:27.0128 5152 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:50:27.0138 5152 Processor - ok
13:50:27.0178 5152 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:50:27.0188 5152 ProfSvc - ok
13:50:27.0228 5152 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:50:27.0238 5152 ProtectedStorage - ok
13:50:27.0278 5152 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:50:27.0308 5152 Psched - ok
13:50:27.0368 5152 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:50:27.0378 5152 PxHlpa64 - ok
13:50:27.0418 5152 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:50:27.0458 5152 ql2300 - ok
13:50:27.0468 5152 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:50:27.0478 5152 ql40xx - ok
13:50:27.0508 5152 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:50:27.0528 5152 QWAVE - ok
13:50:27.0548 5152 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:50:27.0558 5152 QWAVEdrv - ok
13:50:27.0568 5152 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:50:27.0598 5152 RasAcd - ok
13:50:27.0628 5152 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:50:27.0668 5152 RasAgileVpn - ok
13:50:27.0678 5152 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:50:27.0708 5152 RasAuto - ok
13:50:27.0738 5152 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:50:27.0758 5152 Rasl2tp - ok
13:50:27.0788 5152 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:50:27.0818 5152 RasMan - ok
13:50:27.0838 5152 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:50:27.0858 5152 RasPppoe - ok
13:50:27.0858 5152 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:50:27.0888 5152 RasSstp - ok
13:50:27.0918 5152 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:50:27.0938 5152 rdbss - ok
13:50:27.0938 5152 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:50:27.0948 5152 rdpbus - ok
13:50:27.0958 5152 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:50:27.0978 5152 RDPCDD - ok
13:50:28.0008 5152 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:50:28.0018 5152 RDPDR - ok
13:50:28.0018 5152 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:50:28.0048 5152 RDPENCDD - ok
13:50:28.0048 5152 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:50:28.0068 5152 RDPREFMP - ok
13:50:28.0118 5152 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:50:28.0128 5152 RdpVideoMiniport - ok
13:50:28.0158 5152 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:50:28.0178 5152 RDPWD - ok
13:50:28.0198 5152 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:50:28.0218 5152 rdyboost - ok
13:50:28.0248 5152 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:50:28.0298 5152 RemoteAccess - ok
13:50:28.0338 5152 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:50:28.0368 5152 RemoteRegistry - ok
13:50:28.0408 5152 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:50:28.0408 5152 RimUsb - ok
13:50:28.0438 5152 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:50:28.0458 5152 RimVSerPort - ok
13:50:28.0458 5152 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
13:50:28.0488 5152 ROOTMODEM - ok
13:50:28.0498 5152 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:50:28.0518 5152 RpcEptMapper - ok
13:50:28.0538 5152 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:50:28.0548 5152 RpcLocator - ok
13:50:28.0578 5152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:50:28.0598 5152 RpcSs - ok
13:50:28.0608 5152 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:50:28.0638 5152 rspndr - ok
13:50:28.0688 5152 [ A1EBBF0EE62278F8392CB3899710E631 ] RTCore64 C:\Program Files (x86)\EVGA Precision X\RTCore64.sys
13:50:28.0698 5152 RTCore64 - ok
13:50:28.0728 5152 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:50:28.0748 5152 s3cap - ok
13:50:28.0788 5152 [ 45C0B193065219189772A038E6C29D49 ] SaiH0763 C:\Windows\system32\DRIVERS\SaiH0763.sys
13:50:28.0798 5152 SaiH0763 - ok
13:50:28.0838 5152 [ 231A3700154B1A49C2F05CB0DA4B2747 ] SaiH0BAC C:\Windows\system32\DRIVERS\SaiH0BAC.sys
13:50:28.0848 5152 SaiH0BAC - ok
13:50:28.0888 5152 [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
13:50:28.0898 5152 SaiMini - ok
13:50:28.0928 5152 [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
13:50:28.0938 5152 SaiNtBus - ok
13:50:28.0948 5152 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:50:28.0958 5152 SamSs - ok
13:50:28.0988 5152 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
13:50:29.0008 5152 sbp2port - ok
13:50:29.0038 5152 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:50:29.0078 5152 SCardSvr - ok
13:50:29.0108 5152 [ 741B338D675FE20B779E7EFFA55032FE ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
13:50:29.0118 5152 SCDEmu - ok
13:50:29.0138 5152 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:50:29.0158 5152 scfilter - ok
13:50:29.0208 5152 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:50:29.0238 5152 Schedule - ok
13:50:29.0268 5152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:50:29.0288 5152 SCPolicySvc - ok
13:50:29.0308 5152 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:50:29.0318 5152 SDRSVC - ok
13:50:29.0358 5152 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:50:29.0378 5152 secdrv - ok
13:50:29.0408 5152 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:50:29.0428 5152 seclogon - ok
13:50:29.0448 5152 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:50:29.0468 5152 SENS - ok
13:50:29.0478 5152 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:50:29.0488 5152 SensrSvc - ok
13:50:29.0498 5152 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:50:29.0508 5152 Serenum - ok
13:50:29.0538 5152 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:50:29.0538 5152 Serial - ok
13:50:29.0588 5152 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:50:29.0598 5152 sermouse - ok
13:50:29.0638 5152 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:50:29.0678 5152 SessionEnv - ok
13:50:29.0708 5152 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:50:29.0718 5152 sffdisk - ok
13:50:29.0718 5152 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:50:29.0738 5152 sffp_mmc - ok
13:50:29.0738 5152 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:50:29.0748 5152 sffp_sd - ok
13:50:29.0758 5152 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:50:29.0768 5152 sfloppy - ok
13:50:29.0798 5152 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:50:29.0838 5152 ShellHWDetection - ok
13:50:29.0848 5152 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:50:29.0858 5152 SiSRaid2 - ok
13:50:29.0858 5152 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:50:29.0868 5152 SiSRaid4 - ok
13:50:29.0918 5152 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:50:29.0928 5152 SkypeUpdate - ok
13:50:29.0948 5152 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:50:29.0988 5152 Smb - ok
13:50:30.0018 5152 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:50:30.0028 5152 SNMPTRAP - ok
13:50:30.0038 5152 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:50:30.0048 5152 spldr - ok
13:50:30.0058 5152 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:50:30.0068 5152 Spooler - ok
13:50:30.0158 5152 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:50:30.0208 5152 sppsvc - ok
13:50:30.0238 5152 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:50:30.0258 5152 sppuinotify - ok
13:50:30.0318 5152 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
13:50:30.0338 5152 sptd - ok
13:50:30.0378 5152 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:50:30.0398 5152 srv - ok
13:50:30.0438 5152 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:50:30.0458 5152 srv2 - ok
13:50:30.0488 5152 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:50:30.0498 5152 srvnet - ok
13:50:30.0518 5152 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:50:30.0558 5152 SSDPSRV - ok
13:50:30.0558 5152 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:50:30.0588 5152 SstpSvc - ok
13:50:30.0608 5152 Steam Client Service - ok
13:50:30.0678 5152 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:50:30.0698 5152 Stereo Service - ok
13:50:30.0728 5152 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:50:30.0738 5152 stexstor - ok
13:50:30.0778 5152 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:50:30.0808 5152 stisvc - ok
13:50:30.0828 5152 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:50:30.0838 5152 storflt - ok
13:50:30.0878 5152 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:50:30.0888 5152 storvsc - ok
13:50:30.0918 5152 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:50:30.0928 5152 swenum - ok
13:50:31.0028 5152 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:50:31.0048 5152 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:50:31.0048 5152 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:50:31.0078 5152 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:50:31.0128 5152 swprv - ok
13:50:31.0148 5152 Synth3dVsc - ok
13:50:31.0208 5152 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:50:31.0238 5152 SysMain - ok
13:50:31.0258 5152 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:50:31.0268 5152 TabletInputService - ok
13:50:31.0298 5152 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:50:31.0328 5152 TapiSrv - ok
13:50:31.0338 5152 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:50:31.0358 5152 TBS - ok
13:50:31.0398 5152 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:50:31.0428 5152 Tcpip - ok
13:50:31.0468 5152 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:50:31.0498 5152 TCPIP6 - ok
13:50:31.0528 5152 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:50:31.0528 5152 tcpipreg - ok
13:50:31.0558 5152 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:50:31.0568 5152 TDPIPE - ok
13:50:31.0598 5152 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:50:31.0608 5152 TDTCP - ok
13:50:31.0648 5152 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:50:31.0688 5152 tdx - ok
13:50:31.0718 5152 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:50:31.0728 5152 TermDD - ok
13:50:31.0778 5152 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:50:31.0818 5152 TermService - ok
13:50:31.0838 5152 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:50:31.0848 5152 Themes - ok
13:50:31.0878 5152 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:50:31.0908 5152 THREADORDER - ok
13:50:31.0918 5152 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:50:31.0938 5152 TrkWks - ok
13:50:31.0988 5152 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:50:32.0028 5152 TrustedInstaller - ok
13:50:32.0058 5152 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:50:32.0078 5152 tssecsrv - ok
13:50:32.0108 5152 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:50:32.0118 5152 TsUsbFlt - ok
13:50:32.0118 5152 tsusbhub - ok
13:50:32.0158 5152 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:50:32.0198 5152 tunnel - ok
13:50:32.0208 5152 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:50:32.0218 5152 uagp35 - ok
13:50:32.0248 5152 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:50:32.0268 5152 udfs - ok
13:50:32.0288 5152 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:50:32.0288 5152 UI0Detect - ok
13:50:32.0318 5152 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:50:32.0318 5152 uliagpkx - ok
13:50:32.0358 5152 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:50:32.0368 5152 umbus - ok
13:50:32.0378 5152 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:50:32.0388 5152 UmPass - ok
13:50:32.0418 5152 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
13:50:32.0428 5152 UmRdpService - ok
13:50:32.0528 5152 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:50:32.0568 5152 UNS - ok
13:50:32.0598 5152 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:50:32.0628 5152 upnphost - ok
13:50:32.0658 5152 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:50:32.0668 5152 USBAAPL64 - ok
13:50:32.0698 5152 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:50:32.0718 5152 usbaudio - ok
13:50:32.0748 5152 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:50:32.0758 5152 usbccgp - ok
13:50:32.0778 5152 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:50:32.0788 5152 usbcir - ok
13:50:32.0828 5152 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:50:32.0838 5152 usbehci - ok
13:50:32.0868 5152 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:50:32.0878 5152 usbhub - ok
13:50:32.0918 5152 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:50:32.0928 5152 usbohci - ok
13:50:32.0948 5152 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:50:32.0958 5152 usbprint - ok
13:50:32.0988 5152 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:50:32.0998 5152 USBSTOR - ok
13:50:33.0008 5152 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:50:33.0018 5152 usbuhci - ok
13:50:33.0028 5152 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:50:33.0058 5152 UxSms - ok
13:50:33.0068 5152 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:50:33.0078 5152 VaultSvc - ok
13:50:33.0098 5152 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:50:33.0108 5152 vdrvroot - ok
13:50:33.0148 5152 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:50:33.0168 5152 vds - ok
13:50:33.0198 5152 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:50:33.0208 5152 vga - ok
13:50:33.0218 5152 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:50:33.0238 5152 VgaSave - ok
13:50:33.0258 5152 VGPU - ok
13:50:33.0268 5152 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:50:33.0288 5152 vhdmp - ok
13:50:33.0298 5152 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:50:33.0308 5152 viaide - ok
13:50:33.0338 5152 [ C69A784BEC737CD7460EBF3C3834D65E ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
13:50:33.0358 5152 vidsflt53 - ok
13:50:33.0368 5152 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:50:33.0388 5152 vmbus - ok
13:50:33.0398 5152 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:50:33.0408 5152 VMBusHID - ok
13:50:33.0428 5152 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:50:33.0428 5152 volmgr - ok
13:50:33.0468 5152 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:50:33.0468 5152 volmgrx - ok
13:50:33.0488 5152 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:50:33.0498 5152 volsnap - ok
13:50:33.0538 5152 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:50:33.0538 5152 vsmraid - ok
13:50:33.0598 5152 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:50:33.0648 5152 VSS - ok
13:50:33.0728 5152 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
13:50:33.0758 5152 vToolbarUpdater14.2.0 - ok
13:50:33.0758 5152 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:50:33.0768 5152 vwifibus - ok
13:50:33.0778 5152 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:50:33.0798 5152 vwififlt - ok
13:50:33.0838 5152 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:50:33.0878 5152 W32Time - ok
13:50:33.0888 5152 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:50:33.0888 5152 WacomPen - ok
13:50:33.0918 5152 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:50:33.0948 5152 WANARP - ok
13:50:33.0958 5152 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:50:33.0978 5152 Wanarpv6 - ok
13:50:34.0038 5152 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:50:34.0068 5152 WatAdminSvc - ok
13:50:34.0108 5152 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:50:34.0138 5152 wbengine - ok
13:50:34.0148 5152 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:50:34.0168 5152 WbioSrvc - ok
13:50:34.0198 5152 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:50:34.0208 5152 wcncsvc - ok
13:50:34.0228 5152 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:50:34.0238 5152 WcsPlugInService - ok
13:50:34.0248 5152 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:50:34.0258 5152 Wd - ok
13:50:34.0288 5152 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:50:34.0318 5152 Wdf01000 - ok
13:50:34.0328 5152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:50:34.0338 5152 WdiServiceHost - ok
13:50:34.0338 5152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:50:34.0358 5152 WdiSystemHost - ok
13:50:34.0388 5152 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:50:34.0398 5152 WebClient - ok
13:50:34.0418 5152 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:50:34.0438 5152 Wecsvc - ok
13:50:34.0458 5152 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:50:34.0478 5152 wercplsupport - ok
13:50:34.0488 5152 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:50:34.0518 5152 WerSvc - ok
13:50:34.0528 5152 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:50:34.0548 5152 WfpLwf - ok
13:50:34.0558 5152 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:50:34.0568 5152 WIMMount - ok
13:50:34.0578 5152 WinHttpAutoProxySvc - ok
13:50:34.0628 5152 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:50:34.0668 5152 Winmgmt - ok
13:50:34.0708 5152 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:50:34.0748 5152 WinRM - ok
13:50:34.0808 5152 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:50:34.0828 5152 WinUsb - ok
13:50:34.0868 5152 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:50:34.0898 5152 Wlansvc - ok
13:50:34.0998 5152 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:50:35.0028 5152 wlidsvc - ok
13:50:35.0068 5152 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:50:35.0068 5152 WmiAcpi - ok
13:50:35.0098 5152 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:50:35.0108 5152 wmiApSrv - ok
13:50:35.0138 5152 WMPNetworkSvc - ok
13:50:35.0158 5152 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:50:35.0178 5152 WPCSvc - ok
13:50:35.0208 5152 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:50:35.0228 5152 WPDBusEnum - ok
13:50:35.0238 5152 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:50:35.0268 5152 ws2ifsl - ok
13:50:35.0278 5152 WSearch - ok
13:50:35.0338 5152 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:50:35.0388 5152 wuauserv - ok
13:50:35.0418 5152 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:50:35.0428 5152 WudfPf - ok
13:50:35.0438 5152 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:50:35.0448 5152 WUDFRd - ok
13:50:35.0478 5152 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:50:35.0488 5152 wudfsvc - ok
13:50:35.0518 5152 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:50:35.0528 5152 WwanSvc - ok
13:50:35.0558 5152 [ E793283BDEC1AF93E00CA71767B9934C ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
13:50:35.0568 5152 yukonw7 - ok
13:50:35.0588 5152 ================ Scan global ===============================
13:50:35.0618 5152 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:50:35.0648 5152 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:50:35.0648 5152 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:50:35.0688 5152 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:50:35.0728 5152 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:50:35.0728 5152 [Global] - ok
13:50:35.0728 5152 ================ Scan MBR ==================================
13:50:35.0738 5152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:50:35.0968 5152 \Device\Harddisk2\DR2 ( TDSS File System ) - warning
13:50:35.0968 5152 \Device\Harddisk2\DR2 - detected TDSS File System (1)
13:50:35.0988 5152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
13:50:36.0058 5152 \Device\Harddisk3\DR3 - ok
13:50:36.0058 5152 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:50:36.0138 5152 \Device\Harddisk0\DR0 - ok
13:50:36.0138 5152 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:50:36.0198 5152 \Device\Harddisk1\DR1 - ok
13:50:36.0198 5152 ================ Scan VBR ==================================
13:50:36.0208 5152 [ 8BCA520A9BF160479FA2C1DE7F6104CF ] \Device\Harddisk2\DR2\Partition1
13:50:36.0208 5152 \Device\Harddisk2\DR2\Partition1 - ok
13:50:36.0228 5152 [ FE55A0AFB0BD9CE5780E77782ED5CFF6 ] \Device\Harddisk3\DR3\Partition1
13:50:36.0228 5152 \Device\Harddisk3\DR3\Partition1 - ok
13:50:36.0228 5152 [ CCBEC61F34F269C3021953164873472C ] \Device\Harddisk0\DR0\Partition1
13:50:36.0228 5152 \Device\Harddisk0\DR0\Partition1 - ok
13:50:36.0238 5152 [ 1011C0FAAC776AC971E171EDA393E663 ] \Device\Harddisk1\DR1\Partition1
13:50:36.0238 5152 \Device\Harddisk1\DR1\Partition1 - ok
13:50:36.0238 5152 ============================================================
13:50:36.0238 5152 Scan finished
13:50:36.0238 5152 ============================================================
13:50:36.0248 4900 Detected object count: 7
13:50:36.0248 4900 Actual detected object count: 7
13:53:12.0309 4900 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:53:12.0309 4900 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:53:12.0309 4900 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:53:12.0309 4900 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:53:12.0309 4900 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
13:53:12.0309 4900 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:53:12.0309 4900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:53:12.0309 4900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:53:12.0309 4900 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:53:12.0309 4900 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:53:12.0309 4900 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:53:12.0309 4900 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:53:12.0369 4900 \Device\Harddisk2\DR2\TDLFS\cmd.dll - copied to quarantine
13:53:12.0369 4900 \Device\Harddisk2\DR2\TDLFS\cmd64.dll - copied to quarantine
13:53:12.0379 4900 \Device\Harddisk2\DR2\TDLFS\drv32 - copied to quarantine
13:53:12.0389 4900 \Device\Harddisk2\DR2\TDLFS\drv64 - copied to quarantine
13:53:12.0389 4900 \Device\Harddisk2\DR2\TDLFS\servers.dat - copied to quarantine
13:53:12.0389 4900 \Device\Harddisk2\DR2\TDLFS\config.ini - copied to quarantine
13:53:12.0389 4900 \Device\Harddisk2\DR2\TDLFS\ldr16 - copied to quarantine
13:53:12.0389 4900 \Device\Harddisk2\DR2\TDLFS\ldr32 - copied to quarantine
13:53:12.0399 4900 \Device\Harddisk2\DR2\TDLFS\ldr64 - copied to quarantine
13:53:12.0399 4900 \Device\Harddisk2\DR2\TDLFS\s - copied to quarantine
13:53:12.0399 4900 \Device\Harddisk2\DR2\TDLFS\ldrm - copied to quarantine
13:53:12.0399 4900 \Device\Harddisk2\DR2\TDLFS\u - copied to quarantine
13:53:12.0399 4900 \Device\Harddisk2\DR2\TDLFS - deleted
13:53:12.0399 4900 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Delete
13:53:41.0172 5264 ============================================================
13:53:41.0172 5264 Scan started
13:53:41.0172 5264 Mode: Manual; SigCheck; TDLFS;
13:53:41.0172 5264 ============================================================
13:53:42.0112 5264 ================ Scan system memory ========================
13:53:42.0112 5264 System memory - ok
13:53:42.0112 5264 ================ Scan services =============================
13:53:42.0262 5264 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:53:42.0282 5264 1394ohci - ok
13:53:42.0312 5264 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
13:53:42.0322 5264 61883 - ok
13:53:42.0352 5264 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:53:42.0362 5264 ACPI - ok
13:53:42.0392 5264 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:53:42.0402 5264 AcpiPmi - ok
13:53:42.0442 5264 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:53:42.0462 5264 adp94xx - ok
13:53:42.0472 5264 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:53:42.0482 5264 adpahci - ok
13:53:42.0502 5264 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:53:42.0502 5264 adpu320 - ok
13:53:42.0532 5264 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:53:42.0572 5264 AeLookupSvc - ok
13:53:42.0602 5264 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:53:42.0622 5264 AFD - ok
13:53:42.0662 5264 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:53:42.0672 5264 agp440 - ok
13:53:42.0692 5264 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:53:42.0702 5264 ALG - ok
13:53:42.0712 5264 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:53:42.0722 5264 aliide - ok
13:53:42.0732 5264 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:53:42.0742 5264 amdide - ok
13:53:42.0752 5264 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:53:42.0752 5264 AmdK8 - ok
13:53:42.0772 5264 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:53:42.0782 5264 AmdPPM - ok
13:53:42.0812 5264 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:53:42.0832 5264 amdsata - ok
13:53:42.0842 5264 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:53:42.0852 5264 amdsbs - ok
13:53:42.0872 5264 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:53:42.0872 5264 amdxata - ok
13:53:42.0902 5264 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:53:42.0932 5264 AppID - ok
13:53:42.0982 5264 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:53:43.0022 5264 AppIDSvc - ok
13:53:43.0052 5264 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:53:43.0082 5264 Appinfo - ok
13:53:43.0182 5264 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:53:43.0192 5264 Apple Mobile Device - ok
13:53:43.0232 5264 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
13:53:43.0252 5264 AppMgmt - ok
13:53:43.0262 5264 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:53:43.0272 5264 arc - ok
13:53:43.0292 5264 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:53:43.0302 5264 arcsas - ok
13:53:43.0422 5264 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:53:43.0432 5264 aspnet_state - ok
13:53:43.0442 5264 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:53:43.0482 5264 AsyncMac - ok
13:53:43.0512 5264 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:53:43.0512 5264 atapi - ok
13:53:43.0552 5264 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:53:43.0582 5264 AudioEndpointBuilder - ok
13:53:43.0592 5264 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:53:43.0612 5264 AudioSrv - ok
13:53:43.0632 5264 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
13:53:43.0642 5264 Avc - ok
13:53:43.0662 5264 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:53:43.0672 5264 Avgfwfd - ok
13:53:43.0752 5264 [ 6C469E3CB15CF33AD3E757096E6C7026 ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
13:53:43.0782 5264 avgfws - ok
13:53:43.0892 5264 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
13:53:43.0942 5264 AVGIDSAgent - ok
13:53:43.0952 5264 [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:53:43.0962 5264 AVGIDSDriver - ok
13:53:43.0972 5264 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
13:53:43.0982 5264 AVGIDSFilter - ok
13:53:43.0992 5264 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
13:53:44.0002 5264 AVGIDSHA - ok
13:53:44.0012 5264 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
13:53:44.0022 5264 Avgldx64 - ok
13:53:44.0022 5264 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
13:53:44.0032 5264 Avgmfx64 - ok
13:53:44.0042 5264 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
13:53:44.0042 5264 Avgrkx64 - ok
13:53:44.0052 5264 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
13:53:44.0062 5264 Avgtdia - ok
13:53:44.0092 5264 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
13:53:44.0102 5264 avgtp - ok
13:53:44.0122 5264 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:53:44.0122 5264 avgwd - ok
13:53:44.0152 5264 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:53:44.0162 5264 AxInstSV - ok
13:53:44.0192 5264 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:53:44.0202 5264 b06bdrv - ok
13:53:44.0232 5264 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:53:44.0252 5264 b57nd60a - ok
13:53:44.0282 5264 [ 44E6E51AEDBF3E0B38A6CD5432649E57 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
13:53:44.0312 5264 BCMH43XX - ok
13:53:44.0372 5264 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:53:44.0392 5264 BDESVC - ok
13:53:44.0442 5264 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:53:44.0462 5264 Beep - ok
13:53:44.0652 5264 [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
13:53:44.0672 5264 BingDesktopUpdate - ok
13:53:44.0702 5264 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:53:44.0742 5264 BITS - ok
13:53:44.0752 5264 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:53:44.0752 5264 blbdrive - ok
13:53:44.0842 5264 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:53:44.0862 5264 Bonjour Service - ok
13:53:44.0892 5264 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:53:44.0902 5264 bowser - ok
13:53:44.0912 5264 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:53:44.0922 5264 BrFiltLo - ok
13:53:44.0942 5264 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:53:44.0952 5264 BrFiltUp - ok
13:53:44.0972 5264 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:53:44.0982 5264 Browser - ok
13:53:45.0002 5264 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:53:45.0022 5264 Brserid - ok
13:53:45.0032 5264 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:53:45.0042 5264 BrSerWdm - ok
13:53:45.0052 5264 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:53:45.0062 5264 BrUsbMdm - ok
13:53:45.0072 5264 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:53:45.0082 5264 BrUsbSer - ok
13:53:45.0092 5264 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:53:45.0102 5264 BTHMODEM - ok
13:53:45.0122 5264 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:53:45.0152 5264 bthserv - ok
13:53:45.0192 5264 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:53:45.0232 5264 cdfs - ok
13:53:45.0272 5264 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:53:45.0292 5264 cdrom - ok
13:53:45.0322 5264 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:53:45.0362 5264 CertPropSvc - ok
13:53:45.0372 5264 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:53:45.0382 5264 circlass - ok
13:53:45.0412 5264 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:53:45.0432 5264 CLFS - ok
13:53:45.0522 5264 [ 4AA6694FB767BBFF6A8EF080806447BD ] CLHNServiceForPowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
13:53:45.0532 5264 CLHNServiceForPowerDVD - ok
13:53:45.0582 5264 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:53:45.0592 5264 clr_optimization_v2.0.50727_32 - ok
13:53:45.0652 5264 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:53:45.0662 5264 clr_optimization_v2.0.50727_64 - ok
13:53:45.0732 5264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:53:45.0752 5264 clr_optimization_v4.0.30319_32 - ok
13:53:45.0762 5264 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:53:45.0772 5264 clr_optimization_v4.0.30319_64 - ok
13:53:45.0792 5264 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:53:45.0802 5264 CmBatt - ok
13:53:45.0832 5264 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:53:45.0842 5264 cmdide - ok
13:53:45.0882 5264 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
13:53:45.0902 5264 CNG - ok
13:53:45.0922 5264 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:53:45.0922 5264 Compbatt - ok
13:53:45.0952 5264 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:53:45.0972 5264 CompositeBus - ok
13:53:45.0972 5264 COMSysApp - ok
13:53:46.0002 5264 [ CCB09EB78E047C931708149992C2E435 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
13:53:46.0012 5264 cpuz135 - ok
13:53:46.0022 5264 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:53:46.0032 5264 crcdisk - ok
13:53:46.0062 5264 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
13:53:46.0062 5264 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:53:46.0062 5264 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:53:46.0072 5264 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:53:46.0082 5264 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:53:46.0082 5264 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:53:46.0112 5264 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:53:46.0122 5264 CryptSvc - ok
13:53:46.0162 5264 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
13:53:46.0182 5264 CSC - ok
13:53:46.0222 5264 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
13:53:46.0242 5264 CscService - ok
13:53:46.0272 5264 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
13:53:46.0282 5264 CT20XUT - ok
13:53:46.0292 5264 [ 148C9C111291C41D6B2ABFB6FBB43856 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
13:53:46.0312 5264 CT20XUT.SYS - ok
13:53:46.0342 5264 [ 397FBD4454E5B2FB77E55D1013DF548C ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
13:53:46.0362 5264 ctac32k - ok
13:53:46.0392 5264 [ 50A8CD4DF066FE57D0C473A2645988CC ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
13:53:46.0402 5264 ctaud2k - ok
13:53:46.0482 5264 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
13:53:46.0482 5264 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
13:53:46.0482 5264 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
13:53:46.0512 5264 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
13:53:46.0542 5264 CTEXFIFX - ok
13:53:46.0572 5264 [ 6F9C3C6C78F5296F4BC7102FB0F7CB65 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
13:53:46.0592 5264 CTEXFIFX.SYS - ok
13:53:46.0592 5264 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
13:53:46.0602 5264 CTHWIUT - ok
13:53:46.0602 5264 [ AE78CA7EE865A28AC841211DB655ACF3 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
13:53:46.0612 5264 CTHWIUT.SYS - ok
13:53:46.0612 5264 [ 757776E207CA5E71E4A16BD1260AE1F2 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
13:53:46.0622 5264 ctprxy2k - ok
13:53:46.0632 5264 [ 9B111EE2F488A8D9C21A13ED4C777795 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
13:53:46.0642 5264 ctsfm2k - ok
13:53:46.0692 5264 [ D3484412EAE43685E3AD304C9979F30E ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
13:53:46.0702 5264 CyberLink PowerDVD 11.0 Monitor Service - ok
13:53:46.0732 5264 [ 4B0F03AF88FF89441EF57175849C3961 ] CyberLink PowerDVD 11.0 Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
13:53:46.0752 5264 CyberLink PowerDVD 11.0 Service - ok
13:53:46.0782 5264 [ BA25D4B9B067248F7CAC416E855D706B ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:53:46.0792 5264 dc3d - ok
13:53:46.0832 5264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:53:46.0872 5264 DcomLaunch - ok
13:53:46.0912 5264 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:53:46.0952 5264 defragsvc - ok
13:53:46.0972 5264 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:53:47.0002 5264 DfsC - ok
13:53:47.0032 5264 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:53:47.0042 5264 Dhcp - ok
13:53:47.0062 5264 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:53:47.0102 5264 discache - ok
13:53:47.0112 5264 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:53:47.0122 5264 Disk - ok
13:53:47.0142 5264 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:53:47.0152 5264 Dnscache - ok
13:53:47.0172 5264 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:53:47.0202 5264 dot3svc - ok
13:53:47.0232 5264 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:53:47.0252 5264 DPS - ok
13:53:47.0282 5264 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:53:47.0302 5264 drmkaud - ok
13:53:47.0342 5264 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:53:47.0372 5264 DXGKrnl - ok
13:53:47.0402 5264 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:53:47.0422 5264 EapHost - ok
13:53:47.0482 5264 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:53:47.0512 5264 ebdrv - ok
13:53:47.0542 5264 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:53:47.0552 5264 EFS - ok
13:53:47.0602 5264 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:53:47.0622 5264 ehRecvr - ok
13:53:47.0652 5264 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:53:47.0662 5264 ehSched - ok
13:53:47.0682 5264 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:53:47.0692 5264 elxstor - ok
13:53:47.0722 5264 [ 683DCAF0D4EFC3F95A32E8924849202D ] emupia C:\Windows\system32\drivers\emupia2k.sys
13:53:47.0722 5264 emupia - ok
13:53:47.0732 5264 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:53:47.0742 5264 ErrDev - ok
13:53:47.0752 5264 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:53:47.0782 5264 EventSystem - ok
13:53:47.0792 5264 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:53:47.0822 5264 exfat - ok
13:53:47.0832 5264 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:53:47.0852 5264 fastfat - ok
13:53:47.0892 5264 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:53:47.0902 5264 Fax - ok
13:53:47.0922 5264 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:53:47.0932 5264 fdc - ok
13:53:47.0942 5264 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:53:47.0962 5264 fdPHost - ok
13:53:47.0972 5264 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:53:47.0992 5264 FDResPub - ok
13:53:47.0992 5264 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:53:48.0002 5264 FileInfo - ok
13:53:48.0012 5264 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:53:48.0032 5264 Filetrace - ok
13:53:48.0072 5264 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:53:48.0092 5264 FLEXnet Licensing Service - ok
13:53:48.0102 5264 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:53:48.0112 5264 flpydisk - ok
13:53:48.0142 5264 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:53:48.0152 5264 FltMgr - ok
13:53:48.0182 5264 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:53:48.0192 5264 FontCache - ok
13:53:48.0242 5264 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:53:48.0252 5264 FontCache3.0.0.0 - ok
13:53:48.0272 5264 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:53:48.0282 5264 FsDepends - ok
13:53:48.0312 5264 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:53:48.0322 5264 Fs_Rec - ok
13:53:48.0362 5264 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:53:48.0382 5264 fvevol - ok
13:53:48.0392 5264 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:53:48.0402 5264 gagp30kx - ok
13:53:48.0432 5264 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:53:48.0432 5264 GEARAspiWDM - ok
13:53:48.0472 5264 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:53:48.0502 5264 gpsvc - ok
13:53:48.0552 5264 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:53:48.0572 5264 gupdate - ok
13:53:48.0572 5264 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:53:48.0582 5264 gupdatem - ok
13:53:48.0642 5264 [ 076F366B87575ADC7D152C7A34ACB3DC ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
13:53:48.0672 5264 ha20x22k - ok
13:53:48.0712 5264 [ 4A7533EB52DC9D1847E7F78DEE1CE322 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
13:53:48.0742 5264 ha20x2k - ok
13:53:48.0742 5264 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:53:48.0752 5264 hcw85cir - ok
13:53:48.0782 5264 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:53:48.0792 5264 HdAudAddService - ok
13:53:48.0812 5264 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:53:48.0822 5264 HDAudBus - ok
13:53:48.0832 5264 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:53:48.0842 5264 HidBatt - ok
13:53:48.0852 5264 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:53:48.0862 5264 HidBth - ok
13:53:48.0872 5264 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:53:48.0882 5264 HidIr - ok
13:53:48.0902 5264 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:53:48.0922 5264 hidserv - ok
13:53:48.0952 5264 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:53:48.0962 5264 HidUsb - ok
13:53:48.0992 5264 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:53:49.0022 5264 hkmsvc - ok
13:53:49.0052 5264 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:53:49.0062 5264 HomeGroupListener - ok
13:53:49.0092 5264 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:53:49.0102 5264 HomeGroupProvider - ok
13:53:49.0132 5264 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:53:49.0142 5264 HpSAMD - ok
13:53:49.0182 5264 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:53:49.0212 5264 HTTP - ok
13:53:49.0232 5264 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:53:49.0242 5264 hwpolicy - ok
13:53:49.0272 5264 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:53:49.0282 5264 i8042prt - ok
13:53:49.0312 5264 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:53:49.0332 5264 iaStorV - ok
13:53:49.0392 5264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:53:49.0402 5264 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:53:49.0402 5264 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:53:49.0452 5264 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:53:49.0472 5264 idsvc - ok
13:53:49.0492 5264 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:53:49.0502 5264 iirsp - ok
13:53:49.0522 5264 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:53:49.0552 5264 IKEEXT - ok
13:53:49.0672 5264 [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:53:49.0722 5264 IntcAzAudAddService - ok
13:53:49.0722 5264 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:53:49.0732 5264 intelide - ok
13:53:49.0742 5264 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:53:49.0752 5264 intelppm - ok
13:53:49.0772 5264 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:53:49.0802 5264 IPBusEnum - ok
13:53:49.0822 5264 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:53:49.0842 5264 IpFilterDriver - ok
13:53:49.0872 5264 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:53:49.0882 5264 IPMIDRV - ok
13:53:49.0892 5264 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:53:49.0922 5264 IPNAT - ok
13:53:49.0942 5264 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:53:49.0952 5264 iPod Service - ok
13:53:49.0962 5264 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:53:49.0972 5264 IRENUM - ok
13:53:50.0002 5264 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:53:50.0012 5264 isapnp - ok
13:53:50.0042 5264 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:53:50.0062 5264 iScsiPrt - ok
13:53:50.0092 5264 [ BACBC6BF74BE30CB98DB29AF1FA0EE3C ] Just Flight Limited License Service C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
13:53:50.0092 5264 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - warning
13:53:50.0092 5264 Just Flight Limited License Service - detected UnsignedFile.Multi.Generic (1)
13:53:50.0132 5264 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:53:50.0142 5264 kbdclass - ok
13:53:50.0152 5264 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:53:50.0162 5264 kbdhid - ok
13:53:50.0172 5264 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:53:50.0182 5264 KeyIso - ok
13:53:50.0192 5264 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:53:50.0202 5264 KSecDD - ok
13:53:50.0222 5264 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:53:50.0232 5264 KSecPkg - ok
13:53:50.0242 5264 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:53:50.0272 5264 ksthunk - ok
13:53:50.0312 5264 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:53:50.0352 5264 KtmRm - ok
13:53:50.0382 5264 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:53:50.0402 5264 LanmanServer - ok
13:53:50.0432 5264 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:53:50.0462 5264 LanmanWorkstation - ok
13:53:50.0472 5264 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:53:50.0492 5264 lltdio - ok
13:53:50.0522 5264 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:53:50.0552 5264 lltdsvc - ok
13:53:50.0562 5264 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:53:50.0582 5264 lmhosts - ok
13:53:50.0633 5264 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:53:50.0643 5264 LMS - ok
13:53:50.0653 5264 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:53:50.0663 5264 LSI_FC - ok
13:53:50.0673 5264 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:53:50.0683 5264 LSI_SAS - ok
13:53:50.0693 5264 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:53:50.0693 5264 LSI_SAS2 - ok
13:53:50.0703 5264 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:53:50.0713 5264 LSI_SCSI - ok
13:53:50.0733 5264 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:53:50.0753 5264 luafv - ok
13:53:50.0783 5264 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
13:53:50.0793 5264 LVRS64 - ok
13:53:50.0913 5264 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
13:53:50.0973 5264 LVUVC64 - ok
13:53:51.0003 5264 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:53:51.0013 5264 Mcx2Svc - ok
13:53:51.0023 5264 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:53:51.0023 5264 megasas - ok
13:53:51.0043 5264 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:53:51.0053 5264 MegaSR - ok
13:53:51.0073 5264 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:53:51.0083 5264 MEIx64 - ok
13:53:51.0103 5264 [ 8D0E52F36A153D099DE7D5A1E233FAC7 ] mf C:\Windows\system32\DRIVERS\mf.sys
13:53:51.0113 5264 mf - ok
13:53:51.0153 5264 Microsoft SharePoint Workspace Audit Service - ok
13:53:51.0173 5264 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:53:51.0213 5264 MMCSS - ok
13:53:51.0233 5264 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:53:51.0253 5264 Modem - ok
13:53:51.0273 5264 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:53:51.0283 5264 monitor - ok
13:53:51.0313 5264 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:53:51.0323 5264 mouclass - ok
13:53:51.0333 5264 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:53:51.0333 5264 mouhid - ok
13:53:51.0353 5264 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:53:51.0353 5264 mountmgr - ok
13:53:51.0393 5264 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:53:51.0393 5264 MozillaMaintenance - ok
13:53:51.0433 5264 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:53:51.0443 5264 mpio - ok
13:53:51.0453 5264 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:53:51.0473 5264 mpsdrv - ok
13:53:51.0503 5264 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:53:51.0513 5264 MRxDAV - ok
13:53:51.0533 5264 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:53:51.0543 5264 mrxsmb - ok
13:53:51.0553 5264 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:53:51.0563 5264 mrxsmb10 - ok
13:53:51.0593 5264 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:53:51.0593 5264 mrxsmb20 - ok
13:53:51.0623 5264 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:53:51.0623 5264 msahci - ok
13:53:51.0653 5264 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:53:51.0663 5264 msdsm - ok
13:53:51.0683 5264 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:53:51.0703 5264 MSDTC - ok
13:53:51.0723 5264 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
13:53:51.0743 5264 MSDV - ok
13:53:51.0753 5264 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:53:51.0793 5264 Msfs - ok
13:53:51.0813 5264 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:53:51.0833 5264 mshidkmdf - ok
13:53:51.0863 5264 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:53:51.0863 5264 msisadrv - ok
13:53:51.0893 5264 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:53:51.0933 5264 MSiSCSI - ok
13:53:51.0933 5264 msiserver - ok
13:53:51.0953 5264 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:53:51.0973 5264 MSKSSRV - ok
13:53:51.0983 5264 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:53:52.0003 5264 MSPCLOCK - ok
13:53:52.0003 5264 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:53:52.0033 5264 MSPQM - ok
13:53:52.0053 5264 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:53:52.0063 5264 MsRPC - ok
13:53:52.0073 5264 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:53:52.0083 5264 mssmbios - ok
13:53:52.0093 5264 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:53:52.0113 5264 MSTEE - ok
13:53:52.0113 5264 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:53:52.0123 5264 MTConfig - ok
13:53:52.0133 5264 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:53:52.0143 5264 Mup - ok
13:53:52.0173 5264 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:53:52.0213 5264 napagent - ok
13:53:52.0223 5264 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:53:52.0233 5264 NativeWifiP - ok
13:53:52.0303 5264 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
13:53:52.0323 5264 NBService - ok
13:53:52.0363 5264 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:53:52.0383 5264 NDIS - ok
13:53:52.0393 5264 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:53:52.0413 5264 NdisCap - ok
13:53:52.0433 5264 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:53:52.0453 5264 NdisTapi - ok
13:53:52.0473 5264 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:53:52.0503 5264 Ndisuio - ok
13:53:52.0533 5264 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:53:52.0563 5264 NdisWan - ok
13:53:52.0603 5264 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:53:52.0623 5264 NDProxy - ok
13:53:52.0633 5264 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:53:52.0663 5264 NetBIOS - ok
13:53:52.0693 5264 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:53:52.0713 5264 NetBT - ok
13:53:52.0723 5264 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:53:52.0733 5264 Netlogon - ok
13:53:52.0773 5264 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:53:52.0813 5264 Netman - ok
13:53:52.0843 5264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:52.0843 5264 NetMsmqActivator - ok
13:53:52.0853 5264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:52.0853 5264 NetPipeActivator - ok
13:53:52.0873 5264 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:53:52.0903 5264 netprofm - ok
13:53:52.0903 5264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:52.0903 5264 NetTcpActivator - ok
13:53:52.0913 5264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:52.0913 5264 NetTcpPortSharing - ok
13:53:52.0933 5264 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:53:52.0933 5264 nfrd960 - ok
13:53:52.0963 5264 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:53:52.0973 5264 NlaSvc - ok
13:53:53.0033 5264 [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
13:53:53.0043 5264 NMIndexingService - ok
13:53:53.0073 5264 [ 2F48AB72B6D554A41817020171DC53D6 ] NmPar C:\Windows\system32\DRIVERS\NmPar.sys
13:53:53.0093 5264 NmPar - ok
13:53:53.0103 5264 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
13:53:53.0113 5264 NPF - ok
13:53:53.0113 5264 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:53:53.0143 5264 Npfs - ok
13:53:53.0173 5264 [ B785BC959F7B0514971A317CA86A2628 ] npusbio C:\Windows\system32\Drivers\npusbio_x64.sys
13:53:53.0183 5264 npusbio - ok
13:53:53.0203 5264 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:53:53.0233 5264 nsi - ok
13:53:53.0233 5264 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:53:53.0263 5264 nsiproxy - ok
13:53:53.0303 5264 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:53:53.0333 5264 Ntfs - ok
13:53:53.0383 5264 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
13:53:53.0393 5264 ntk_PowerDVD - ok
13:53:53.0413 5264 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:53:53.0433 5264 Null - ok
13:53:53.0453 5264 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:53:53.0463 5264 nusb3hub - ok
13:53:53.0493 5264 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:53:53.0503 5264 nusb3xhc - ok
13:53:53.0683 5264 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:53:53.0793 5264 nvlddmkm - ok
13:53:53.0823 5264 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:53:53.0833 5264 nvraid - ok
13:53:53.0863 5264 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:53:53.0863 5264 nvstor - ok
13:53:53.0903 5264 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:53:53.0913 5264 nvsvc - ok
13:53:53.0973 5264 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:53:54.0003 5264 nvUpdatusService - ok
13:53:54.0033 5264 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:53:54.0033 5264 nv_agp - ok
13:53:54.0063 5264 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:53:54.0063 5264 ohci1394 - ok
13:53:54.0093 5264 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:53:54.0103 5264 ose - ok
13:53:54.0213 5264 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:53:54.0263 5264 osppsvc - ok
13:53:54.0293 5264 [ A29A80A1CF63D0DC27EEFCAF27D34664 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
13:53:54.0303 5264 ossrv - ok
13:53:54.0343 5264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:53:54.0363 5264 p2pimsvc - ok
13:53:54.0393 5264 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:53:54.0403 5264 p2psvc - ok
13:53:54.0443 5264 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:53:54.0453 5264 Parport - ok
13:53:54.0473 5264 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:53:54.0483 5264 partmgr - ok
13:53:54.0493 5264 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:53:54.0513 5264 PcaSvc - ok
13:53:54.0543 5264 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:53:54.0553 5264 pci - ok
13:53:54.0563 5264 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:53:54.0573 5264 pciide - ok
13:53:54.0593 5264 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:53:54.0603 5264 pcmcia - ok
13:53:54.0613 5264 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:53:54.0623 5264 pcw - ok
13:53:54.0653 5264 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:53:54.0683 5264 PEAUTH - ok
13:53:54.0733 5264 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:53:54.0753 5264 PeerDistSvc - ok
13:53:54.0843 5264 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:53:54.0853 5264 PerfHost - ok
13:53:54.0923 5264 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:53:54.0973 5264 pla - ok
13:53:55.0003 5264 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:53:55.0013 5264 PlugPlay - ok
13:53:55.0023 5264 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:53:55.0033 5264 PNRPAutoReg - ok
13:53:55.0053 5264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:53:55.0063 5264 PNRPsvc - ok
13:53:55.0083 5264 [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:53:55.0093 5264 Point64 - ok
13:53:55.0123 5264 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:53:55.0153 5264 PolicyAgent - ok
13:53:55.0183 5264 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:53:55.0213 5264 Power - ok
13:53:55.0233 5264 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:53:55.0263 5264 PptpMiniport - ok
13:53:55.0273 5264 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:53:55.0283 5264 Processor - ok
13:53:55.0303 5264 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:53:55.0313 5264 ProfSvc - ok
13:53:55.0343 5264 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:53:55.0353 5264 ProtectedStorage - ok
13:53:55.0383 5264 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:53:55.0413 5264 Psched - ok
13:53:55.0443 5264 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:53:55.0453 5264 PxHlpa64 - ok
13:53:55.0493 5264 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:53:55.0513 5264 ql2300 - ok
13:53:55.0523 5264 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:53:55.0533 5264 ql40xx - ok
13:53:55.0563 5264 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:53:55.0573 5264 QWAVE - ok
13:53:55.0583 5264 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:53:55.0593 5264 QWAVEdrv - ok
13:53:55.0613 5264 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:53:55.0633 5264 RasAcd - ok
13:53:55.0663 5264 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:53:55.0683 5264 RasAgileVpn - ok
13:53:55.0703 5264 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:53:55.0723 5264 RasAuto - ok
13:53:55.0753 5264 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:53:55.0773 5264 Rasl2tp - ok
13:53:55.0803 5264 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:53:55.0833 5264 RasMan - ok
13:53:55.0843 5264 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:53:55.0873 5264 RasPppoe - ok
13:53:55.0873 5264 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:53:55.0893 5264 RasSstp - ok
13:53:55.0923 5264 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:53:55.0953 5264 rdbss - ok
13:53:55.0963 5264 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:53:55.0973 5264 rdpbus - ok
13:53:55.0983 5264 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:53:56.0003 5264 RDPCDD - ok
13:53:56.0033 5264 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:53:56.0043 5264 RDPDR - ok
13:53:56.0043 5264 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:53:56.0083 5264 RDPENCDD - ok
13:53:56.0083 5264 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:53:56.0113 5264 RDPREFMP - ok
13:53:56.0153 5264 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:53:56.0163 5264 RdpVideoMiniport - ok
13:53:56.0193 5264 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:53:56.0213 5264 RDPWD - ok
13:53:56.0243 5264 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:53:56.0253 5264 rdyboost - ok
13:53:56.0273 5264 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:53:56.0313 5264 RemoteAccess - ok
13:53:56.0333 5264 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:53:56.0353 5264 RemoteRegistry - ok
13:53:56.0373 5264 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:53:56.0383 5264 RimUsb - ok
13:53:56.0413 5264 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:53:56.0423 5264 RimVSerPort - ok
13:53:56.0423 5264 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
13:53:56.0443 5264 ROOTMODEM - ok
13:53:56.0473 5264 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:53:56.0493 5264 RpcEptMapper - ok
13:53:56.0523 5264 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:53:56.0533 5264 RpcLocator - ok
13:53:56.0563 5264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:53:56.0593 5264 RpcSs - ok
13:53:56.0603 5264 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:53:56.0623 5264 rspndr - ok
13:53:56.0673 5264 [ A1EBBF0EE62278F8392CB3899710E631 ] RTCore64 C:\Program Files (x86)\EVGA Precision X\RTCore64.sys
13:53:56.0683 5264 RTCore64 - ok
13:53:56.0713 5264 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:53:56.0723 5264 s3cap - ok
13:53:56.0753 5264 [ 45C0B193065219189772A038E6C29D49 ] SaiH0763 C:\Windows\system32\DRIVERS\SaiH0763.sys
13:53:56.0773 5264 SaiH0763 - ok
13:53:56.0793 5264 [ 231A3700154B1A49C2F05CB0DA4B2747 ] SaiH0BAC C:\Windows\system32\DRIVERS\SaiH0BAC.sys
13:53:56.0813 5264 SaiH0BAC - ok
13:53:56.0843 5264 [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
13:53:56.0853 5264 SaiMini - ok
13:53:56.0883 5264 [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
13:53:56.0893 5264 SaiNtBus - ok
13:53:56.0903 5264 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:53:56.0913 5264 SamSs - ok
13:53:56.0943 5264 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
13:53:56.0953 5264 sbp2port - ok
13:53:56.0973 5264 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:53:57.0013 5264 SCardSvr - ok
13:53:57.0053 5264 [ 741B338D675FE20B779E7EFFA55032FE ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
13:53:57.0063 5264 SCDEmu - ok
13:53:57.0093 5264 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:53:57.0123 5264 scfilter - ok
13:53:57.0163 5264 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:53:57.0193 5264 Schedule - ok
13:53:57.0223 5264 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:53:57.0243 5264 SCPolicySvc - ok
13:53:57.0263 5264 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:53:57.0273 5264 SDRSVC - ok
13:53:57.0303 5264 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:53:57.0323 5264 secdrv - ok
13:53:57.0353 5264 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:53:57.0393 5264 seclogon - ok
13:53:57.0423 5264 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:53:57.0463 5264 SENS - ok
13:53:57.0463 5264 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:53:57.0473 5264 SensrSvc - ok
13:53:57.0483 5264 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:53:57.0493 5264 Serenum - ok
13:53:57.0503 5264 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:53:57.0513 5264 Serial - ok
13:53:57.0543 5264 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:53:57.0543 5264 sermouse - ok
13:53:57.0583 5264 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:53:57.0613 5264 SessionEnv - ok
13:53:57.0633 5264 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:53:57.0643 5264 sffdisk - ok
13:53:57.0653 5264 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:53:57.0663 5264 sffp_mmc - ok
13:53:57.0663 5264 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:53:57.0673 5264 sffp_sd - ok
13:53:57.0693 5264 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:53:57.0693 5264 sfloppy - ok
13:53:57.0733 5264 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:53:57.0763 5264 ShellHWDetection - ok
13:53:57.0773 5264 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:53:57.0783 5264 SiSRaid2 - ok
13:53:57.0793 5264 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:53:57.0793 5264 SiSRaid4 - ok
13:53:57.0833 5264 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:53:57.0833 5264 SkypeUpdate - ok
13:53:57.0853 5264 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:53:57.0873 5264 Smb - ok
13:53:57.0903 5264 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:53:57.0913 5264 SNMPTRAP - ok
13:53:57.0923 5264 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:53:57.0933 5264 spldr - ok
13:53:57.0953 5264 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:53:57.0963 5264 Spooler - ok
13:53:58.0043 5264 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:53:58.0093 5264 sppsvc - ok
13:53:58.0103 5264 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:53:58.0123 5264 sppuinotify - ok
13:53:58.0153 5264 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
13:53:58.0163 5264 sptd - ok
13:53:58.0213 5264 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:53:58.0233 5264 srv - ok
13:53:58.0263 5264 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:53:58.0283 5264 srv2 - ok
13:53:58.0313 5264 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:53:58.0333 5264 srvnet - ok
13:53:58.0363 5264 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:53:58.0403 5264 SSDPSRV - ok
13:53:58.0413 5264 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:53:58.0443 5264 SstpSvc - ok
13:53:58.0463 5264 Steam Client Service - ok
13:53:58.0513 5264 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:53:58.0533 5264 Stereo Service - ok
13:53:58.0563 5264 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:53:58.0573 5264 stexstor - ok
13:53:58.0613 5264 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:53:58.0643 5264 stisvc - ok
13:53:58.0673 5264 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:53:58.0673 5264 storflt - ok
13:53:58.0693 5264 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:53:58.0693 5264 storvsc - ok
13:53:58.0723 5264 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:53:58.0723 5264 swenum - ok
13:53:58.0813 5264 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:53:58.0833 5264 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:53:58.0833 5264 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:53:58.0843 5264 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:53:58.0893 5264 swprv - ok
13:53:58.0893 5264 Synth3dVsc - ok
13:53:58.0953 5264 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:53:58.0983 5264 SysMain - ok
13:53:59.0003 5264 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:53:59.0023 5264 TabletInputService - ok
13:53:59.0043 5264 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:53:59.0073 5264 TapiSrv - ok
13:53:59.0103 5264 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:53:59.0133 5264 TBS - ok
13:53:59.0173 5264 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:53:59.0193 5264 Tcpip - ok
13:53:59.0233 5264 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:53:59.0253 5264 TCPIP6 - ok
13:53:59.0293 5264 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:53:59.0293 5264 tcpipreg - ok
13:53:59.0323 5264 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:53:59.0333 5264 TDPIPE - ok
13:53:59.0363 5264 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:53:59.0373 5264 TDTCP - ok
13:53:59.0403 5264 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:53:59.0423 5264 tdx - ok
13:53:59.0453 5264 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:53:59.0463 5264 TermDD - ok
13:53:59.0503 5264 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:53:59.0553 5264 TermService - ok
13:53:59.0573 5264 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:53:59.0583 5264 Themes - ok
13:53:59.0613 5264 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:53:59.0643 5264 THREADORDER - ok
13:53:59.0653 5264 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:53:59.0673 5264 TrkWks - ok
13:53:59.0733 5264 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:53:59.0763 5264 TrustedInstaller - ok
13:53:59.0793 5264 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:53:59.0813 5264 tssecsrv - ok
13:53:59.0853 5264 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:53:59.0863 5264 TsUsbFlt - ok
13:53:59.0873 5264 tsusbhub - ok
13:53:59.0903 5264 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:53:59.0943 5264 tunnel - ok
13:53:59.0953 5264 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:53:59.0963 5264 uagp35 - ok
13:53:59.0993 5264 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:54:00.0013 5264 udfs - ok
13:54:00.0043 5264 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:54:00.0053 5264 UI0Detect - ok
13:54:00.0063 5264 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:54:00.0073 5264 uliagpkx - ok
13:54:00.0103 5264 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:54:00.0113 5264 umbus - ok
13:54:00.0123 5264 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:54:00.0123 5264 UmPass - ok
13:54:00.0163 5264 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
13:54:00.0173 5264 UmRdpService - ok
13:54:00.0263 5264 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:54:00.0303 5264 UNS - ok
13:54:00.0313 5264 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:54:00.0333 5264 upnphost - ok
13:54:00.0363 5264 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:54:00.0373 5264 USBAAPL64 - ok
13:54:00.0403 5264 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:54:00.0413 5264 usbaudio - ok
13:54:00.0433 5264 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:54:00.0443 5264 usbccgp - ok
13:54:00.0463 5264 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:54:00.0473 5264 usbcir - ok
13:54:00.0503 5264 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:54:00.0513 5264 usbehci - ok
13:54:00.0543 5264 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:54:00.0563 5264 usbhub - ok
13:54:00.0593 5264 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:54:00.0604 5264 usbohci - ok
13:54:00.0614 5264 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:54:00.0634 5264 usbprint - ok
13:54:00.0654 5264 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:54:00.0674 5264 USBSTOR - ok
13:54:00.0684 5264 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:54:00.0704 5264 usbuhci - ok
13:54:00.0734 5264 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:54:00.0784 5264 UxSms - ok
13:54:00.0784 5264 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:54:00.0794 5264 VaultSvc - ok
13:54:00.0794 5264 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:54:00.0804 5264 vdrvroot - ok
13:54:00.0844 5264 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:54:00.0894 5264 vds - ok
13:54:00.0914 5264 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:54:00.0914 5264 vga - ok
13:54:00.0924 5264 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:54:00.0954 5264 VgaSave - ok
13:54:00.0954 5264 VGPU - ok
13:54:00.0954 5264 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:54:00.0964 5264 vhdmp - ok
13:54:00.0994 5264 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:54:01.0004 5264 viaide - ok
13:54:01.0014 5264 [ C69A784BEC737CD7460EBF3C3834D65E ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
13:54:01.0024 5264 vidsflt53 - ok
13:54:01.0054 5264 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:54:01.0064 5264 vmbus - ok
13:54:01.0094 5264 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:54:01.0104 5264 VMBusHID - ok
13:54:01.0124 5264 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:54:01.0134 5264 volmgr - ok
13:54:01.0164 5264 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:54:01.0184 5264 volmgrx - ok
13:54:01.0214 5264 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:54:01.0234 5264 volsnap - ok
13:54:01.0254 5264 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:54:01.0264 5264 vsmraid - ok
13:54:01.0314 5264 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:54:01.0354 5264 VSS - ok
13:54:01.0434 5264 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
13:54:01.0464 5264 vToolbarUpdater14.2.0 - ok
13:54:01.0464 5264 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:54:01.0474 5264 vwifibus - ok
13:54:01.0484 5264 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:54:01.0494 5264 vwififlt - ok
13:54:01.0534 5264 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:54:01.0564 5264 W32Time - ok
13:54:01.0584 5264 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:54:01.0584 5264 WacomPen - ok
13:54:01.0604 5264 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:54:01.0624 5264 WANARP - ok
13:54:01.0624 5264 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:54:01.0644 5264 Wanarpv6 - ok
13:54:01.0694 5264 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:54:01.0734 5264 WatAdminSvc - ok
13:54:01.0784 5264 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:54:01.0814 5264 wbengine - ok
13:54:01.0824 5264 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:54:01.0844 5264 WbioSrvc - ok
13:54:01.0874 5264 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:54:01.0884 5264 wcncsvc - ok
13:54:01.0894 5264 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:54:01.0904 5264 WcsPlugInService - ok
13:54:01.0924 5264 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:54:01.0924 5264 Wd - ok
13:54:01.0964 5264 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:54:01.0974 5264 Wdf01000 - ok
13:54:01.0984 5264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:54:01.0994 5264 WdiServiceHost - ok
13:54:01.0994 5264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:54:02.0004 5264 WdiSystemHost - ok
13:54:02.0044 5264 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:54:02.0064 5264 WebClient - ok
13:54:02.0074 5264 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:54:02.0104 5264 Wecsvc - ok
13:54:02.0114 5264 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:54:02.0144 5264 wercplsupport - ok
13:54:02.0144 5264 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:54:02.0174 5264 WerSvc - ok
13:54:02.0174 5264 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:54:02.0194 5264 WfpLwf - ok
13:54:02.0204 5264 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:54:02.0214 5264 WIMMount - ok
13:54:02.0214 5264 WinHttpAutoProxySvc - ok
13:54:02.0274 5264 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:54:02.0314 5264 Winmgmt - ok
13:54:02.0364 5264 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:54:02.0414 5264 WinRM - ok
13:54:02.0444 5264 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:54:02.0454 5264 WinUsb - ok
13:54:02.0484 5264 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:54:02.0504 5264 Wlansvc - ok
13:54:02.0594 5264 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:54:02.0624 5264 wlidsvc - ok
13:54:02.0654 5264 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:54:02.0654 5264 WmiAcpi - ok
13:54:02.0684 5264 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:54:02.0694 5264 wmiApSrv - ok
13:54:02.0704 5264 WMPNetworkSvc - ok
13:54:02.0734 5264 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:54:02.0744 5264 WPCSvc - ok
13:54:02.0774 5264 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:54:02.0794 5264 WPDBusEnum - ok
13:54:02.0804 5264 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:54:02.0844 5264 ws2ifsl - ok
13:54:02.0844 5264 WSearch - ok
13:54:02.0914 5264 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:54:02.0954 5264 wuauserv - ok
13:54:02.0984 5264 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:54:02.0994 5264 WudfPf - ok
13:54:03.0004 5264 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:54:03.0014 5264 WUDFRd - ok
13:54:03.0044 5264 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:54:03.0044 5264 wudfsvc - ok
13:54:03.0074 5264 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:54:03.0094 5264 WwanSvc - ok
13:54:03.0114 5264 [ E793283BDEC1AF93E00CA71767B9934C ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
13:54:03.0124 5264 yukonw7 - ok
13:54:03.0124 5264 ================ Scan global ===============================
13:54:03.0164 5264 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:54:03.0194 5264 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:54:03.0194 5264 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:54:03.0234 5264 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:54:03.0274 5264 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:54:03.0274 5264 [Global] - ok
13:54:03.0274 5264 ================ Scan MBR ==================================
13:54:03.0284 5264 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:54:03.0514 5264 \Device\Harddisk2\DR2 - ok
13:54:03.0534 5264 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
13:54:03.0594 5264 \Device\Harddisk3\DR3 - ok
13:54:03.0604 5264 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:54:03.0634 5264 \Device\Harddisk0\DR0 - ok
13:54:03.0634 5264 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:54:03.0654 5264 \Device\Harddisk1\DR1 - ok
13:54:03.0654 5264 ================ Scan VBR ==================================
13:54:03.0664 5264 [ 8BCA520A9BF160479FA2C1DE7F6104CF ] \Device\Harddisk2\DR2\Partition1
13:54:03.0664 5264 \Device\Harddisk2\DR2\Partition1 - ok
13:54:03.0684 5264 [ FE55A0AFB0BD9CE5780E77782ED5CFF6 ] \Device\Harddisk3\DR3\Partition1
13:54:03.0684 5264 \Device\Harddisk3\DR3\Partition1 - ok
13:54:03.0684 5264 [ CCBEC61F34F269C3021953164873472C ] \Device\Harddisk0\DR0\Partition1
13:54:03.0684 5264 \Device\Harddisk0\DR0\Partition1 - ok
13:54:03.0694 5264 [ 1011C0FAAC776AC971E171EDA393E663 ] \Device\Harddisk1\DR1\Partition1
13:54:03.0694 5264 \Device\Harddisk1\DR1\Partition1 - ok
13:54:03.0694 5264 ============================================================
13:54:03.0694 5264 Scan finished
13:54:03.0694 5264 ============================================================
13:54:03.0694 2176 Detected object count: 6
13:54:03.0694 2176 Actual detected object count: 6
13:54:21.0915 2176 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:21.0915 2176 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:21.0915 2176 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:21.0915 2176 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:21.0915 2176 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:21.0915 2176 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:21.0915 2176 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:21.0915 2176 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:21.0915 2176 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:21.0915 2176 Just Flight Limited License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:21.0915 2176 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:54:21.0915 2176 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:54:36.0826 3820 Deinitialize success


2. The OTL fixes log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: Unable to stop service sptd!
Unable to delete service\driver key sptd.
C:\Windows\SysNative\drivers\sptd.sys moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2454372500-3351072776-1793313849-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\mvalkdj.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marcus
->Temp folder emptied: 83545149 bytes
->Temporary Internet Files folder emptied: 125689785 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2437467 bytes
->Flash cache emptied: 4847 bytes

User: Public

User: UpdatusUser

User: UpdatusUser.Marcus-Custom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81042 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 198473941 bytes

Total Files Cleaned = 391.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03192013_135547

Files\Folders moved on Reboot...
C:\Users\Marcus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Marcus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXMFZMPB\page__gopid__2275018[1].htm moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

3. The MalwareBytes log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.19.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marcus :: MARCUS-CUSTOM [administrator]

3/19/2013 2:07:28 PM
mbam-log-2013-03-19 (14-07-28).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 2158824
Time elapsed: 5 hour(s), 36 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\19.03.2013_13.49.52\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03192013_135547\C_Windows\mvalkdj.dll (Trojan.Scar) -> Quarantined and deleted successfully.

(end)


4. The ESET scan log (IF it found anything). IF it didn't just let me know.

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\19.03.2013_13.49.52\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\19.03.2013_13.49.52\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\19.03.2013_13.49.52\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\19.03.2013_13.49.52\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\19.03.2013_13.49.52\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\30.10.2012_22.13.23\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\30.10.2012_22.13.23\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\30.10.2012_22.13.23\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\30.10.2012_22.13.23\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\30.10.2012_22.13.23\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\_OTL\MovedFiles\03182013_101444\C_Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\extensions\[email protected] JS/Redirector.NCI trojan
F:\Downloads\FSX\Flight1\MD-80\Super80FSX.exe Win32/SuspLibLoad.B trojan


5. The new OTL.txt log

OTL logfile created on: 3/20/2013 7:08:13 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Desktop\Geekstogo Stuff
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 12.12 Gb Available Physical Memory | 75.80% Memory free
31.96 Gb Paging File | 29.07 Gb Available in Paging File | 90.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.64 Gb Total Space | 251.87 Gb Free Space | 36.05% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 146.15 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 94.86 Gb Free Space | 40.74% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 70.89 Gb Free Space | 30.45% Space Free | Partition Type: NTFS

Computer Name: MARCUS-CUSTOM | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/14 12:09:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\Geekstogo Stuff\OTL.exe
PRC - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/02/21 04:35:28 | 000,607,048 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
PRC - [2013/02/18 19:39:46 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/04/19 21:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/18 15:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/21 04:35:28 | 000,607,048 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
MOD - [2013/02/08 10:35:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
MOD - [2013/02/08 10:35:46 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
MOD - [2013/02/08 10:35:32 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTCore.dll
MOD - [2013/02/08 10:35:24 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTUI.dll
MOD - [2013/02/08 10:35:18 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTFC.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/01 00:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision X\RTTSH.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/07 12:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2009/06/29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/03/06 10:46:06 | 000,069,632 | ---- | M] (Just Flight Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe -- (Just Flight Limited License Service)
SRV - [2013/02/27 14:57:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/18 19:39:46 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/01/18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 04:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/28 15:38:59 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/26 15:44:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/17 19:39:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/06/17 19:36:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/18 19:39:47 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/26 19:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/23 10:46:45 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/07/09 23:09:10 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/18 21:57:38 | 000,126,912 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/19 18:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/12/11 19:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 19:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/23 03:11:28 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/08/10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/02/03 12:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/12 05:19:32 | 000,095,744 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 18:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 18:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 17:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/02/15 17:50:02 | 000,178,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH0763.sys -- (SaiH0763)
DRV:64bit: - [2007/09/14 08:47:06 | 000,176,128 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH0BAC.sys -- (SaiH0BAC)
DRV - [2013/02/21 04:35:26 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2011/04/19 21:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 C9 9F 98 C0 3F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/03/06 10:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 14:57:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/08 22:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Extensions
[2013/03/18 10:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\17s8w51e.default\extensions
[2013/02/27 14:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/27 14:57:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/06 11:42:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 14:57:55 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/18 19:52:02 | 000,001,663 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://jeffco.us/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{000C7415-417B-4D4E-AC90-02E1B16B3349}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BF91E8A-0620-4700-98C9-4B8184FAA31D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{750142CB-77F2-410C-A2A6-1F457B8EE88F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6033A31-EE9F-46B0-9435-B51BF129FC13}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/20 09:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/18 20:13:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\Geekstogo Stuff
[2013/03/18 10:14:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/13 03:28:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/03/13 03:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/03/12 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\Flash Cards
[2013/03/06 11:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
[2013/03/06 11:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Just Flight Limited
[2013/03/06 10:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/06 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Just Flight Limited Shared
[2013/03/03 18:51:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\TechSmith
[2013/03/03 18:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/03/01 12:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MILVIZ
[2013/03/01 10:55:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilViz - Northrop T-38 Talon
[2013/02/27 14:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/25 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Desktop\Football Helmets
[2013/02/23 21:09:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\OverlayEditor
[2013/02/23 21:09:07 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\marginal.org
[2013/02/23 21:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverlayEditor
[2013/02/23 16:48:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2013/02/21 15:21:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/21 15:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/21 15:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013/03/20 18:53:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 09:19:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 09:11:10 | 113,997,484 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/03/20 09:10:48 | 000,772,160 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/03/20 09:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 00:29:10 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/20 00:29:10 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/20 00:29:10 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00411102}.rfx
[2013/03/19 22:05:49 | 000,000,073 | ---- | M] () -- C:\Users\Marcus\AppData\Local\X-Plane_drm.prf
[2013/03/19 21:43:37 | 000,000,077 | ---- | M] () -- C:\Windows\ACSim.ini
[2013/03/19 20:00:28 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 20:00:28 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 19:58:57 | 017,455,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/19 19:58:57 | 000,746,118 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/03/19 19:58:57 | 000,745,962 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/03/19 19:58:57 | 000,743,832 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/03/19 19:58:57 | 000,740,656 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013/03/19 19:58:57 | 000,740,654 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/03/19 19:58:57 | 000,729,654 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013/03/19 19:58:57 | 000,725,186 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013/03/19 19:58:57 | 000,714,442 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/03/19 19:58:57 | 000,697,402 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/19 19:58:57 | 000,684,140 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013/03/19 19:58:57 | 000,669,158 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013/03/19 19:58:57 | 000,664,402 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013/03/19 19:58:57 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/19 19:58:57 | 000,657,416 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/03/19 19:58:57 | 000,607,338 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/03/19 19:58:57 | 000,509,960 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013/03/19 19:58:57 | 000,495,236 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013/03/19 19:58:57 | 000,482,100 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013/03/19 19:58:57 | 000,479,880 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013/03/19 19:58:57 | 000,430,038 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013/03/19 19:58:57 | 000,418,444 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/03/19 19:58:57 | 000,402,870 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013/03/19 19:58:57 | 000,393,446 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013/03/19 19:58:57 | 000,385,768 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013/03/19 19:58:57 | 000,170,668 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013/03/19 19:58:57 | 000,158,008 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/03/19 19:58:57 | 000,155,284 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013/03/19 19:58:57 | 000,152,600 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/03/19 19:58:57 | 000,152,572 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013/03/19 19:58:57 | 000,150,164 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013/03/19 19:58:57 | 000,148,976 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/03/19 19:58:57 | 000,148,466 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/19 19:58:57 | 000,147,164 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/03/19 19:58:57 | 000,146,472 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/03/19 19:58:57 | 000,142,158 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013/03/19 19:58:57 | 000,140,780 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013/03/19 19:58:57 | 000,139,562 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/03/19 19:58:57 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/03/19 19:58:57 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/19 19:58:57 | 000,120,166 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013/03/19 19:58:57 | 000,119,738 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013/03/19 19:58:57 | 000,114,824 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013/03/19 19:58:57 | 000,110,676 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/03/19 19:58:57 | 000,100,816 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013/03/19 19:58:57 | 000,098,156 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013/03/19 19:58:57 | 000,094,966 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013/03/19 19:58:57 | 000,094,474 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013/03/19 19:58:57 | 000,084,584 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013/03/19 19:52:36 | 4281,307,134 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 09:06:46 | 000,245,226 | ---- | M] () -- C:\Users\Marcus\Documents\PVH-U DCE.pdf
[2013/03/17 13:43:47 | 000,007,597 | ---- | M] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2013/03/12 19:27:11 | 000,000,132 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/03/12 16:21:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/03/12 16:21:51 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/03/11 16:52:52 | 000,133,920 | ---- | M] () -- C:\Users\Marcus\Desktop\ZLA Cheat Sheet.pdf
[2013/03/08 16:33:55 | 000,001,092 | ---- | M] () -- C:\Users\Marcus\Desktop\EVGA Precision X.lnk
[2013/03/06 11:10:03 | 000,000,575 | ---- | M] () -- C:\Users\Public\Desktop\AirHauler.lnk
[2013/03/03 21:48:59 | 000,000,080 | ---- | M] () -- C:\Users\Marcus\AppData\Local\X-Plane Installer.prf
[2013/03/02 21:06:44 | 000,007,168 | ---- | M] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/27 21:23:31 | 000,000,270 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\OpenSceneryX Installer.plist
[2013/02/27 15:22:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/02/26 01:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/21 15:21:52 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/18 19:39:47 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

========== Files Created - No Company Name ==========

[2013/03/18 09:06:46 | 000,245,226 | ---- | C] () -- C:\Users\Marcus\Documents\PVH-U DCE.pdf
[2013/03/11 16:52:51 | 000,133,920 | ---- | C] () -- C:\Users\Marcus\Desktop\ZLA Cheat Sheet.pdf
[2013/03/06 11:10:03 | 000,000,575 | ---- | C] () -- C:\Users\Public\Desktop\AirHauler.lnk
[2013/02/27 21:23:31 | 000,000,270 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\OpenSceneryX Installer.plist
[2013/02/23 21:08:50 | 000,001,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverlayEditor.lnk
[2013/02/15 16:07:41 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/13 21:50:36 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/01/24 23:01:35 | 000,026,900 | ---- | C] () -- C:\Users\Marcus\AppData\Local\dt.dat
[2012/10/27 16:42:58 | 000,000,133 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/26 11:13:53 | 000,905,031 | ---- | C] () -- C:\Users\Marcus\AppData\Local\census.cache
[2012/10/26 11:13:44 | 000,145,930 | ---- | C] () -- C:\Users\Marcus\AppData\Local\ars.cache
[2012/10/26 11:01:21 | 000,000,036 | ---- | C] () -- C:\Users\Marcus\AppData\Local\housecall.guid.cache
[2012/10/19 21:31:27 | 000,000,116 | ---- | C] () -- C:\Users\Marcus\Adobe Encore_AME.pref
[2012/10/19 17:00:53 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/10/18 17:24:29 | 000,036,864 | ---- | C] () -- C:\Windows\unslive.exe
[2012/10/02 20:21:17 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/09/29 17:15:28 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/09/18 13:22:38 | 000,007,597 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
[2012/08/31 15:43:06 | 000,196,828 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/13 12:58:54 | 000,000,899 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\XAddonManager.plist
[2012/07/02 12:09:26 | 000,000,073 | ---- | C] () -- C:\Users\Marcus\AppData\Local\X-Plane_drm.prf
[2012/07/02 12:08:34 | 000,000,080 | ---- | C] () -- C:\Users\Marcus\AppData\Local\X-Plane Installer.prf
[2012/06/17 19:32:27 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/06/17 19:32:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/06/16 19:23:38 | 000,007,168 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 08:35:04 | 000,000,132 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/13 14:56:27 | 000,000,077 | ---- | C] () -- C:\Windows\ACSim.ini
[2012/06/02 15:23:30 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012/06/01 21:49:44 | 017,292,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/23 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Acronis
[2012/09/17 15:59:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ASE
[2012/06/01 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AVG2012
[2013/01/25 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Celemony Software GmbH
[2012/10/19 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/19 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/09 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\FileZilla
[2012/07/28 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Flight1
[2012/06/25 13:56:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\HiFi
[2012/08/09 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ieSpell
[2013/02/17 15:42:25 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Lionhead Studios
[2013/02/23 21:09:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\marginal.org
[2012/10/26 10:23:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\MonkeyJam
[2012/10/19 17:00:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PACE Anti-Piracy
[2012/06/02 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PolyView
[2012/06/01 23:23:00 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Publish Providers
[2012/10/04 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\QualityWings
[2012/10/26 10:23:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Research In Motion
[2012/06/17 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Smart Recorder
[2012/12/18 20:20:07 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Sony
[2012/10/19 17:02:15 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/23 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2013/03/19 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client
[2013/02/05 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TuneUp Software
[2013/03/19 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
[2012/09/07 13:48:46 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\VAT-Spy

========== Purity Check ==========



< End of report >
  • 0

#14
godawgs
Posted 20 March 2013 - 07:44 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

The OTL scan looks good.
The files that MalwareBytes found were already quarantined by TDSSKiller and they will be removed during the clean up process.
The files that ESET found have already been quarantine by Spybot S&D or TDSSKiller or OTL.

How is the computer running now?
  • 0

#15
Marcusmmc23
Posted 20 March 2013 - 07:49 PM

Marcusmmc23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
My kids are streaming a movie on Netflix right now on a different computer and my mouse is certainly still lagging.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP