Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

svchost (LocalService) downloading files continuously to C: drive


  • Please log in to reply

#1
biggy c

biggy c

    Member

  • Member
  • PipPip
  • 67 posts
So, this started happening about a week ago. I noticed that my C: drive kept filling up really fast for no apparent reason. I had to keep deleting stuff just for a small time frame to be able to do anything on the drive. I scouted out the processes with Process Explorer to find out what processes were writing to disk at such a ridiculous rate; turned out to be the svchost for LocalService. I also pinpointed the destination; C:/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5. There are now over 20 GB and over a million files there. I've tried to run OTL, but it seems to keep hanging when scanning one of the files inside that directory. What should I do in this case? Any help would be appreciated.

Edited by biggy c, 27 March 2013 - 05:39 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Go in to Safe Mode with Networking:

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

In IE, Tools, Internet Options then hit the Delete button under Browsing History. Uncheck anything you want to keep like Passwords and Cookies then Delete. (Usually takes a while to do its thing.) Now under Browsing History click on Settings. Then change where it says: Disk Space to Use ... to 50 then OK.

Also in IE, Tools, Manage Addons. Click on each currently loaded add-on under Toolbars and Extensions and Disable. Close IE.

Do Disk Cleanup. Don not let it compress your drive.

Disk Cleanup in XP:
http://support.microsoft.com/kb/310312


Disk Cleanup in Vista/Win 7:
http://windows.micro...ng-disk-cleanup

Now see if you can get OTL to run.
  • 0

#3
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
I actually started deleting C:/Windows/System32/config/systemprofile/AppData/Local before your post. It took some hours, but it was successful save a couple files (index.dat and others). After that I ran OTL and it was successful. Here's the log:

OTL logfile created on: 3/28/2013 9:39:18 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 25.75% Memory free
7.25 Gb Paging File | 4.37 Gb Available in Paging File | 60.31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 26.20 Gb Free Space | 32.74% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 15.36 Gb Free Space | 3.98% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 440.20 Gb Free Space | 23.63% Space Free | Partition Type: NTFS

Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/03/15 17:29:12 | 001,632,680 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\steam.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/09/19 20:38:54 | 002,686,976 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.127\deploy\LoLLauncher.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/11/11 00:24:57 | 001,294,336 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2010/09/08 17:56:04 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- G:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.254\deploy\LolClient.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0510Mon.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/15 17:29:10 | 000,990,120 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/14 21:19:02 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/12 17:10:10 | 000,649,216 | ---- | M] () -- D:\Program Files\Steam\sdl2.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/09/19 20:38:54 | 002,686,976 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.127\deploy\LoLLauncher.exe
MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd
MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll
MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd
MOD - [2012/02/13 12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd
MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd
MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd
MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd
MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd
MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd
MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll
MOD - [2011/11/11 00:24:57 | 001,294,336 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- D:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2013/03/25 16:56:45 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/09 17:01:38 | 000,062,720 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\200429017a5e0442.sys -- (200429017a5e0442)
SRV - [2013/02/09 17:00:36 | 000,200,704 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}\syshost.exe -- (syshost32)
SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2013/02/09 17:01:38 | 000,062,720 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\200429017a5e0442.sys -- (200429017a5e0442)
DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/06 14:21:39 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\utqymjgy.sys -- (utqymjgy)
DRV - [2010/07/04 16:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Drivers\vmm.sys -- (vmm)
DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 15:18:53 | 000,245,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/11/02 15:15:59 | 000,258,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vpchbus.sys -- (vpcbus)
DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vpcusb.sys -- (vpcusb)
DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vm3dmp.sys -- (vm3dmp)
DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 22:19:11 | 000,297,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 22:19:11 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/13 22:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,159,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 22:19:10 | 000,053,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp)
DRV - [2009/07/13 22:19:10 | 000,053,312 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,032,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:17:06 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 20:55:02 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2009/07/13 20:55:02 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (WANARP)
DRV - [2009/07/13 20:55:02 | 000,016,384 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 20:53:51 | 000,009,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 20:52:02 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 20:51:31 | 000,075,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2009/07/13 20:51:23 | 000,080,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2009/07/13 20:51:19 | 000,074,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/07/13 20:51:18 | 000,086,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2009/07/13 20:51:14 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2009/07/13 20:51:14 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/07/13 20:51:10 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2009/07/13 20:50:45 | 000,132,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2009/07/13 20:50:17 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2009/07/13 20:46:53 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 20:25:51 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 20:25:49 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2009/07/13 20:19:17 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 20:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/19 07:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\V0510Vid.sys -- (V0510Dev)
DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma)
DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}: "URL" = http://www.dealio.co...d={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/16 21:44:16 | 000,000,000 | ---D | M]

[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

O1 HOSTS File: ([2013/03/28 21:37:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2013/03/02 14:12:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Perforce
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/28 21:13:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/28 12:13:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 00:10:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/03/26 07:42:16 | 000,730,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/26 07:42:16 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/03/26 07:42:16 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/03/26 07:42:15 | 000,151,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/26 07:05:02 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 07:05:01 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 07:49:42 | 000,002,100 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel
[2013/02/27 01:25:06 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- C:\procmon.chm
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2013/02/09 17:01:38 | 000,062,720 | ---- | C] () -- C:\Windows\System32\drivers\200429017a5e0442.sys
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/06/25 19:32:06 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\tap0901t.sys
[2012/06/14 11:00:28 | 000,196,064 | ---- | C] () -- C:\Windows\System32\drivers\windrvr6.sys
[2012/06/13 17:04:09 | 000,073,032 | ---- | C] () -- C:\Windows\System32\drivers\ftser2k.sys
[2012/06/13 17:04:09 | 000,060,104 | ---- | C] () -- C:\Windows\System32\drivers\ftdibus.sys
[2012/05/31 23:19:44 | 011,354,944 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/15 19:43:52 | 000,044,784 | ---- | C] () -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/03/08 23:54:29 | 003,921,448 | ---- | C] () -- C:\Windows\System32\drivers\RTKVHDA.sys
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/01/13 23:06:14 | 000,361,032 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/13 23:06:14 | 000,054,232 | ---- | C] () -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/13 23:06:14 | 000,021,256 | ---- | C] () -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/13 23:06:13 | 000,738,504 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,047,616 | ---- | C] () -- C:\Windows\System32\drivers\Haspnt.sys
[2011/06/14 14:26:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\haspvdd.dll
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/06/14 14:26:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2011/06/14 14:26:16 | 000,049,664 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2011/06/14 14:26:16 | 000,018,432 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
[2011/06/14 14:26:13 | 000,020,032 | R--- | C] () -- C:\Windows\System32\drivers\SNTNLUSB.SYS
[2011/06/14 14:26:12 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2011/06/14 00:40:18 | 000,693,760 | ---- | C] () -- C:\Windows\System32\drivers\hardlock.sys
[2011/06/02 19:26:39 | 000,714,526 | ---- | C] () -- C:\Windows\unins001.exe
[2011/06/02 19:26:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/02 19:26:39 | 000,001,799 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/20 16:16:37 | 000,728,448 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011/05/20 16:16:37 | 000,219,008 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/05/20 16:16:37 | 000,107,520 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2011/05/20 00:07:56 | 000,274,706 | ---- | C] () -- \gohei.jpg
[2011/05/18 21:51:29 | 000,602,112 | ---- | C] () -- \OTL.exe
[2011/05/02 21:38:04 | 000,525,419 | ---- | C] () -- \remii.png
[2011/05/02 16:26:22 | 003,289,689 | ---- | C] () -- \goheilol.png
[2011/04/29 23:52:57 | 001,614,444 | ---- | C] () -- \flashlight.png
[2011/04/28 20:20:15 | 000,739,966 | ---- | C] () -- \gohei.png
[2011/04/23 19:07:52 | 007,618,784 | ---- | C] () -- \gohei.FBX
[2011/04/08 21:36:15 | 001,057,198 | ---- | C] () -- \lawl2.png
[2011/04/07 19:03:18 | 001,942,616 | ---- | C] () -- \lawl.png
[2011/04/01 16:41:42 | 000,407,023 | ---- | C] () -- \Amnesia.png
[2011/03/11 20:46:20 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\server.properties
[2011/03/07 08:15:58 | 000,038,578 | ---- | C] () -- \Threshold1.png
[2011/02/27 17:43:42 | 000,086,827 | ---- | C] () -- \Threshold.png
[2011/01/16 22:21:30 | 000,264,748 | ---- | C] () -- \lot.png
[2011/01/10 10:12:32 | 000,231,555 | ---- | C] () -- \ctca.png
[2011/01/09 17:10:47 | 000,369,097 | ---- | C] () -- \ctcc.png
[2011/01/09 17:09:15 | 000,316,054 | ---- | C] () -- \ctcmenu.png
[2011/01/09 00:21:36 | 000,601,401 | ---- | C] () -- \CtC.png
[2010/12/24 16:41:35 | 000,698,352 | ---- | C] () -- \FL Studio Error.png
[2010/12/10 23:10:23 | 000,000,622 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] () -- \東方幻奏箱.mp3.sfk
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] () -- \東方幻奏箱.mp3
[2010/07/25 23:46:44 | 000,000,038 | ---- | C] () -- C:\Users\Administrator\wxLuaIDE.ini
[2010/06/06 22:47:19 | 000,777,747 | ---- | C] () -- \LOL.jpg
[2010/06/06 01:07:12 | 031,056,033 | ---- | C] () -- \unpacked_ehsvc_18.05.idb
[2010/06/03 16:54:06 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\photorec.cfg
[2010/06/01 14:59:38 | 000,004,243 | ---- | C] () -- \lala.3ds
[2010/05/20 01:24:00 | 006,430,386 | ---- | C] () -- \AirRivals.atm
[2010/05/19 01:43:56 | 004,286,360 | ---- | C] () -- \AirRivals_HackShield_[1.0.0.39].exe
[2010/05/18 23:41:11 | 000,149,142 | ---- | C] () -- C:\Users\Administrator\unstoppable.gif
[2010/05/08 11:13:37 | 000,000,232 | ---- | C] () -- C:\Users\Administrator\SciTE.session
[2010/05/08 01:27:39 | 000,072,268 | ---- | C] () -- \procexp.chm
[2010/05/08 00:32:25 | 003,879,288 | ---- | C] () -- \procexp.exe
[2010/05/07 23:10:17 | 000,046,017 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies1.pdf
[2010/05/07 23:09:46 | 000,054,707 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies.pdf
[2010/05/07 23:08:40 | 000,000,111 | ---- | C] () -- C:\Users\Administrator\tracegf4d.cmd
[2010/05/07 23:08:27 | 000,014,162 | ---- | C] () -- C:\Users\Administrator\mouseclicks.gif
[2010/05/07 22:58:39 | 040,009,077 | ---- | C] () -- C:\Users\Administrator\e10howto.mov
[2010/05/07 22:58:30 | 000,041,360 | ---- | C] () -- C:\Users\Administrator\Bosses.pdf
[2010/05/07 22:58:08 | 000,012,782 | ---- | C] () -- C:\Users\Administrator\AR enchanting.pdf
[2010/05/07 19:03:28 | 000,560,034 | ---- | C] () -- \meohgawd.jpg
[2010/04/28 01:27:00 | 000,263,768 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3.sfk
[2010/04/28 01:26:38 | 003,061,583 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3
[2010/04/28 01:16:28 | 000,706,652 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.wav
[2010/04/28 01:11:56 | 000,013,848 | ---- | C] () -- \Vlan.sfk
[2010/04/28 01:08:51 | 001,764,044 | ---- | C] () -- \Vlan.wav
[2010/04/28 01:07:12 | 000,008,128 | ---- | C] () -- \Vlanlol.mp3.sfk
[2010/04/28 01:06:41 | 000,093,648 | ---- | C] () -- \Vlanlol.mp3
[2010/04/28 00:43:31 | 000,131,683 | ---- | C] () -- \Vlan.mp3
[2010/04/28 00:16:01 | 006,502,641 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.mp3
[2010/04/19 23:31:57 | 000,029,696 | ---- | C] () -- \SpaceCowboy.exe
[2010/04/12 20:31:13 | 003,360,841 | ---- | C] () -- \Akon ft. Eminem- Smack That Instrumental.mp3
[2010/04/08 01:54:04 | 000,413,439 | RHS- | C] () -- \TLZYV
[2010/03/10 12:07:14 | 004,981,269 | ---- | C] () -- \Tsukasa - K Lobelia.mp3
[2010/03/04 15:51:11 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 10:36:48 | 000,181,408 | ---- | C] () -- \grldr.bak
[2010/02/24 19:59:04 | 000,171,136 | RHS- | C] () -- \w7ldr
[2010/02/06 15:15:25 | 001,863,094 | ---- | C] () -- \vidtomp3.com-12654804966508.mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] () -- \EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] () -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/01/31 19:44:06 | 000,003,532 | ---- | C] () -- \drmHeader.bin
[2010/01/25 23:28:12 | 002,356,278 | ---- | C] () -- \Dune_Desktop_Wallpaper_Emma_Alvarez.bmp
[2010/01/25 23:28:12 | 001,006,660 | ---- | C] () -- \Jumping Onto White Base.mp3
[2010/01/25 23:28:12 | 000,001,096 | -H-- | C] () -- \IPH.PH
[2010/01/25 23:28:00 | 000,000,000 | R--- | C] () -- \logwmemory.bin
[2010/01/25 23:27:59 | 009,881,451 | ---- | C] () -- \Lostep - Burma.mp3
[2010/01/25 23:27:59 | 005,897,430 | ---- | C] () -- \musicc.mp3
[2010/01/25 23:27:58 | 006,926,535 | ---- | C] () -- \Oliver Smith - Nimbus.mp3
[2010/01/25 23:27:58 | 000,136,272 | ---- | C] () -- \N604217500_1213762_5186.jpg
[2010/01/25 23:27:58 | 000,059,302 | ---- | C] () -- \northern-lights-back.jpg
[2010/01/25 23:27:56 | 000,011,772 | ---- | C] () -- \rawrme.JPG
[2010/01/25 23:27:52 | 014,979,377 | ---- | C] () -- \Yes_-_Awaken.mp3
[2010/01/25 23:27:52 | 008,259,216 | ---- | C] () -- \Wings_of_tomorow.exe
[2010/01/25 23:27:52 | 002,518,622 | ---- | C] () -- \The Tale You Were In (Full Version).mp3
[2010/01/25 23:27:52 | 002,178,968 | ---- | C] () -- \vidtomp3.com-12641138434152.mp3
[2010/01/25 23:27:52 | 000,325,072 | ---- | C] () -- \Untitled5.jpg
[2010/01/25 23:27:52 | 000,182,379 | ---- | C] () -- \Untitled.jpg
[2010/01/25 23:27:52 | 000,105,343 | ---- | C] () -- \Transcript.jpg
[2010/01/25 23:27:52 | 000,095,479 | ---- | C] () -- \SSD531352.jpg
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata04.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata03.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata02.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata01.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2010/01/25 23:27:49 | 006,089,919 | ---- | C] () -- \Calm_Waters__Dire_Dire_Docks_remix_.mp3
[2010/01/25 23:27:49 | 004,943,319 | ---- | C] () -- \BT - Remember (Phrakture's Unofficial Remix).mp3
[2010/01/25 17:20:12 | 000,000,020 | RHS- | C] () -- \win7.ld
[2010/01/25 15:21:33 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/09/26 15:05:15 | 000,383,582 | RHS- | C] () -- \bootmgr.bak
[2008/09/26 15:05:15 | 000,383,562 | RHS- | C] () -- \bootmgr

========== ZeroAccess Check ==========

[2013/02/09 17:00:46 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\@
[2013/02/09 17:00:46 | 000,048,640 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n
[2013/02/09 17:00:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L
[2013/03/08 06:28:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U
[2013/02/15 14:37:16 | 000,000,928 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]
[2013/02/09 17:00:50 | 000,011,776 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]
[2013/03/08 06:28:19 | 000,021,504 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n. -- [2013/02/09 17:00:46 | 000,048,640 | -HS- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Looks like Zero Access and some friends.


Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}: "URL" = http://www.dealio.co...d={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found

:files
sc stop Akamai /c
sc delete Akamai /c
c:\program files\common files\akamai/netsession_win_ca0e279.dll
sc stop syshost32 /c
sc delete syshost32 /c
C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}
sc stop 200429017a5e0442 /c 
sc delete 200429017a5e0442 /c
C:\Windows\System32\drivers\200429017a5e0442.sys 200429017a5e0442
sfc /scanfile=C:\Windows\System32\drivers\umpass.sys
sc stop utqymjgy /c 
sc delete utqymjgy /c
C:\Windows\System32\Drivers\utqymjgy.sys
C:\$RECYCLE.BIN\S-1-5-18

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03282013-some number.log so look there if you don't see it.


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.


If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#5
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
When running the OTL fix, a prompt comes up when doing delete Akamai: "Cannot create file C:\\cmd.bat." The program doesn't hang after clicking ok, but it seems to try to delete Akamai indefinitely. What should I do to fix this?
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
My fault. I left off the /c on the first two commands. I did an edit on the post and fixed it so try it again.
  • 0

#7
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Unfortunately it's still erroring with the same message, at the same place as last time. I double checked that the sc commands for Akamai (and the other sc commands) have /c on the end and they all do.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
OK Try it without the akamai.

:OTL
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}: "URL" = http://www.dealio.co...d={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found

:files
c:\program files\common files\akamai/netsession_win_ca0e279.dll
sc stop syshost32 /c
sc delete syshost32 /c
C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}
sc stop 200429017a5e0442 /c 
sc delete 200429017a5e0442 /c
C:\Windows\System32\drivers\200429017a5e0442.sys 200429017a5e0442
sfc /scanfile=C:\Windows\System32\drivers\umpass.sys
sc stop utqymjgy /c 
sc delete utqymjgy /c
C:\Windows\System32\Drivers\utqymjgy.sys
C:\$RECYCLE.BIN\S-1-5-18

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

  • 0

#9
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Any of the /c commands keep giving the same error; I've looked around but I'm not sure how to fix it. Is it because C:\\ is an invalid address?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Not sure why the /c commands aren't working. They should work. Could be the malware is fighting them. Just leave them out.
  • 0

Advertisements


#11
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Here's the first OTL log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7F55892-C8F6-4418-B838-E3554BB14BBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:{DLL_Str} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC654325-1273-C2A9-2B7C-45D29BCE68FB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC654325-1273-C2A9-2B7C-45D29BCE68FB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC654325-1273-C2A9-2B7C-45D29BCE68FD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC654325-1273-C2A9-2B7C-45D29BCE68FD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC654325-1273-C2A9-2B7C-45D29BCE68FF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC654325-1273-C2A9-2B7C-45D29BCE68FF}\ not found.
========== FILES ==========
Invalid Switch: netsession_win_ca0e279.dll
File\Folder C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454} not found.
File\Folder C:\Windows\System32\drivers\200429017a5e0442.sys 200429017a5e0442 not found.
Invalid Switch: scanfile=C:\Windows\System32\drivers\umpass.sys
File move failed. C:\Windows\System32\Drivers\utqymjgy.sys scheduled to be moved on reboot.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: %username%
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: %username%
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04092013_110838

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\Drivers\utqymjgy.sys not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



When I tried scanning with aswMBR, it just said "Scan error, incorrect parameter." Should I just skip this part?

Edited by biggy c, 09 April 2013 - 08:32 AM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Yes skip any scan that doesn't want to run.
  • 0

#13
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
ComboFix log:

ComboFix 13-04-09.01 - Administrator 9/2013 Tue  15:56:34.5.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.932.81.1033.18.3327.1695 [GMT -3:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\@
c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n
c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]
c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]
c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\[email protected]
c:\program files\Common Files\ComObject
c:\program files\Common Files\ComObject\AccessibleMarshal.dll
c:\program files\Common Files\ComObject\application.ini
c:\program files\Common Files\ComObject\blocklist.xml
c:\program files\Common Files\ComObject\browserconfig.properties
c:\program files\Common Files\ComObject\chrome\browser.jar
c:\program files\Common Files\ComObject\chrome\browser.manifest
c:\program files\Common Files\ComObject\chrome\classic.jar
c:\program files\Common Files\ComObject\chrome\classic.manifest
c:\program files\Common Files\ComObject\chrome\comm.jar
c:\program files\Common Files\ComObject\chrome\comm.manifest
c:\program files\Common Files\ComObject\chrome\en-US.jar
c:\program files\Common Files\ComObject\chrome\en-US.manifest
c:\program files\Common Files\ComObject\chrome\pippki.jar
c:\program files\Common Files\ComObject\chrome\pippki.manifest
c:\program files\Common Files\ComObject\chrome\reporter.jar
c:\program files\Common Files\ComObject\chrome\reporter.manifest
c:\program files\Common Files\ComObject\chrome\toolkit.jar
c:\program files\Common Files\ComObject\chrome\toolkit.manifest
c:\program files\Common Files\ComObject\components\browser.xpt
c:\program files\Common Files\ComObject\components\browserdirprovider.dll
c:\program files\Common Files\ComObject\components\brwsrcmp.dll
c:\program files\Common Files\ComObject\components\components.list
c:\program files\Common Files\ComObject\components\compreg.dat
c:\program files\Common Files\ComObject\components\FeedConverter.js
c:\program files\Common Files\ComObject\components\FeedProcessor.js
c:\program files\Common Files\ComObject\components\FeedWriter.js
c:\program files\Common Files\ComObject\components\fuelApplication.js
c:\program files\Common Files\ComObject\components\GPSDGeolocationProvider.js
c:\program files\Common Files\ComObject\components\jsconsole-clhandler.js
c:\program files\Common Files\ComObject\components\NetworkGeolocationProvider.js
c:\program files\Common Files\ComObject\components\nsAddonRepository.js
c:\program files\Common Files\ComObject\components\nsBadCertHandler.js
c:\program files\Common Files\ComObject\components\nsBlocklistService.js
c:\program files\Common Files\ComObject\components\nsBrowserContentHandler.js
c:\program files\Common Files\ComObject\components\nsBrowserGlue.js
c:\program files\Common Files\ComObject\components\nsContentDispatchChooser.js
c:\program files\Common Files\ComObject\components\nsContentPrefService.js
c:\program files\Common Files\ComObject\components\nsDefaultCLH.js
c:\program files\Common Files\ComObject\components\nsDownloadManagerUI.js
c:\program files\Common Files\ComObject\components\nsExtensionManager.js
c:\program files\Common Files\ComObject\components\nsFormAutoComplete.js
c:\program files\Common Files\ComObject\components\nsHandlerService.js
c:\program files\Common Files\ComObject\components\nsHelperAppDlg.js
c:\program files\Common Files\ComObject\components\nsINIProcessor.js
c:\program files\Common Files\ComObject\components\nsLivemarkService.js
c:\program files\Common Files\ComObject\components\nsLoginInfo.js
c:\program files\Common Files\ComObject\components\nsLoginManager.js
c:\program files\Common Files\ComObject\components\nsLoginManagerPrompter.js
c:\program files\Common Files\ComObject\components\nsMicrosummaryService.js
c:\program files\Common Files\ComObject\components\nsPlacesAutoComplete.js
c:\program files\Common Files\ComObject\components\nsPlacesDBFlush.js
c:\program files\Common Files\ComObject\components\nsPlacesTransactionsService.js
c:\program files\Common Files\ComObject\components\nsPrivateBrowsingService.js
c:\program files\Common Files\ComObject\components\nsProxyAutoConfig.js
c:\program files\Common Files\ComObject\components\nsSafebrowsingApplication.js
c:\program files\Common Files\ComObject\components\nsSearchService.js
c:\program files\Common Files\ComObject\components\nsSearchSuggestions.js
c:\program files\Common Files\ComObject\components\nsSessionStartup.js
c:\program files\Common Files\ComObject\components\nsSessionStore.js
c:\program files\Common Files\ComObject\components\nsSetDefaultBrowser.js
c:\program files\Common Files\ComObject\components\nsSidebar.js
c:\program files\Common Files\ComObject\components\nsTaggingService.js
c:\program files\Common Files\ComObject\components\nsTryToClose.js
c:\program files\Common Files\ComObject\components\nsUpdateService.js
c:\program files\Common Files\ComObject\components\nsUpdateServiceStub.js
c:\program files\Common Files\ComObject\components\nsUpdateTimerManager.js
c:\program files\Common Files\ComObject\components\nsUrlClassifierLib.js
c:\program files\Common Files\ComObject\components\nsUrlClassifierListManager.js
c:\program files\Common Files\ComObject\components\nsURLFormatter.js
c:\program files\Common Files\ComObject\components\nsWebHandlerApp.js
c:\program files\Common Files\ComObject\components\pluginGlue.js
c:\program files\Common Files\ComObject\components\storage-Legacy.js
c:\program files\Common Files\ComObject\components\storage-mozStorage.js
c:\program files\Common Files\ComObject\components\txEXSLTRegExFunctions.js
c:\program files\Common Files\ComObject\components\WebContentConverter.js
c:\program files\Common Files\ComObject\components\xpti.dat
c:\program files\Common Files\ComObject\crashreporter-override.ini
c:\program files\Common Files\ComObject\crashreporter.exe
c:\program files\Common Files\ComObject\crashreporter.ini
c:\program files\Common Files\ComObject\data.js
c:\program files\Common Files\ComObject\defaults\autoconfig\platform.js
c:\program files\Common Files\ComObject\defaults\autoconfig\prefcalls.js
c:\program files\Common Files\ComObject\defaults\pref\channel-prefs.js
c:\program files\Common Files\ComObject\defaults\pref\firefox-branding.js
c:\program files\Common Files\ComObject\defaults\pref\firefox-l10n.js
c:\program files\Common Files\ComObject\defaults\pref\firefox.js
c:\program files\Common Files\ComObject\defaults\pref\reporter.js
c:\program files\Common Files\ComObject\defaults\profile\bookmarks.html
c:\program files\Common Files\ComObject\defaults\profile\chrome\userChrome-example.css
c:\program files\Common Files\ComObject\defaults\profile\chrome\userContent-example.css
c:\program files\Common Files\ComObject\defaults\profile\localstore.rdf
c:\program files\Common Files\ComObject\defaults\profile\mimeTypes.rdf
c:\program files\Common Files\ComObject\defaults\profile\prefs.js
c:\program files\Common Files\ComObject\dictionaries\en-US.aff
c:\program files\Common Files\ComObject\dictionaries\en-US.dic
c:\program files\Common Files\ComObject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\program files\Common Files\ComObject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\program files\Common Files\ComObject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
c:\program files\Common Files\ComObject\freebl3.chk
c:\program files\Common Files\ComObject\freebl3.dll
c:\program files\Common Files\ComObject\greprefs\all.js
c:\program files\Common Files\ComObject\greprefs\security-prefs.js
c:\program files\Common Files\ComObject\greprefs\xpinstall.js
c:\program files\Common Files\ComObject\js3250.dll
c:\program files\Common Files\ComObject\LICENSE
c:\program files\Common Files\ComObject\modules\CertUtils.jsm
c:\program files\Common Files\ComObject\modules\CrashSubmit.jsm
c:\program files\Common Files\ComObject\modules\ctypes.jsm
c:\program files\Common Files\ComObject\modules\debug.js
c:\program files\Common Files\ComObject\modules\distribution.js
c:\program files\Common Files\ComObject\modules\DownloadLastDir.jsm
c:\program files\Common Files\ComObject\modules\DownloadUtils.jsm
c:\program files\Common Files\ComObject\modules\FileUtils.jsm
c:\program files\Common Files\ComObject\modules\ISO8601DateUtils.jsm
c:\program files\Common Files\ComObject\modules\LightweightThemeConsumer.jsm
c:\program files\Common Files\ComObject\modules\LightweightThemeManager.jsm
c:\program files\Common Files\ComObject\modules\Microformats.js
c:\program files\Common Files\ComObject\modules\NetUtil.jsm
c:\program files\Common Files\ComObject\modules\NetworkPrioritizer.jsm
c:\program files\Common Files\ComObject\modules\openLocationLastURL.jsm
c:\program files\Common Files\ComObject\modules\PlacesDBUtils.jsm
c:\program files\Common Files\ComObject\modules\PluralForm.jsm
c:\program files\Common Files\ComObject\modules\SpatialNavigation.js
c:\program files\Common Files\ComObject\modules\utils.js
c:\program files\Common Files\ComObject\modules\WindowDraggingUtils.jsm
c:\program files\Common Files\ComObject\modules\WindowsPreviewPerTab.jsm
c:\program files\Common Files\ComObject\modules\XPCOMUtils.jsm
c:\program files\Common Files\ComObject\mozcpp19.dll
c:\program files\Common Files\ComObject\mozcrt19.dll
c:\program files\Common Files\ComObject\nspr4.dll
c:\program files\Common Files\ComObject\nss3.dll
c:\program files\Common Files\ComObject\nssckbi.dll
c:\program files\Common Files\ComObject\nssdbm3.chk
c:\program files\Common Files\ComObject\nssdbm3.dll
c:\program files\Common Files\ComObject\nssutil3.dll
c:\program files\Common Files\ComObject\platform.ini
c:\program files\Common Files\ComObject\plc4.dll
c:\program files\Common Files\ComObject\plds4.dll
c:\program files\Common Files\ComObject\plugins\npbasic.dll
c:\program files\Common Files\ComObject\plugins\npnul32.dll
c:\program files\Common Files\ComObject\README.txt
c:\program files\Common Files\ComObject\res\arrow.gif
c:\program files\Common Files\ComObject\res\arrowd.gif
c:\program files\Common Files\ComObject\res\broken-image.png
c:\program files\Common Files\ComObject\res\charsetalias.properties
c:\program files\Common Files\ComObject\res\charsetData.properties
c:\program files\Common Files\ComObject\res\contenteditable.css
c:\program files\Common Files\ComObject\res\designmode.css
c:\program files\Common Files\ComObject\res\dtd\mathml.dtd
c:\program files\Common Files\ComObject\res\dtd\xhtml11.dtd
c:\program files\Common Files\ComObject\res\EditorOverride.css
c:\program files\Common Files\ComObject\res\entityTables\html40Latin1.properties
c:\program files\Common Files\ComObject\res\entityTables\html40Special.properties
c:\program files\Common Files\ComObject\res\entityTables\html40Symbols.properties
c:\program files\Common Files\ComObject\res\entityTables\htmlEntityVersions.properties
c:\program files\Common Files\ComObject\res\entityTables\mathml20.properties
c:\program files\Common Files\ComObject\res\entityTables\transliterate.properties
c:\program files\Common Files\ComObject\res\fonts\mathfont.properties
c:\program files\Common Files\ComObject\res\fonts\mathfontStandardSymbolsL.properties
c:\program files\Common Files\ComObject\res\fonts\mathfontSTIXNonUnicode.properties
c:\program files\Common Files\ComObject\res\fonts\mathfontSTIXSize1.properties
c:\program files\Common Files\ComObject\res\fonts\mathfontSymbol.properties
c:\program files\Common Files\ComObject\res\fonts\mathfontUnicode.properties
c:\program files\Common Files\ComObject\res\forms.css
c:\program files\Common Files\ComObject\res\grabber.gif
c:\program files\Common Files\ComObject\res\hiddenWindow.html
c:\program files\Common Files\ComObject\res\html.css
c:\program files\Common Files\ComObject\res\html\folder.png
c:\program files\Common Files\ComObject\res\langGroups.properties
c:\program files\Common Files\ComObject\res\language.properties
c:\program files\Common Files\ComObject\res\loading-image.png
c:\program files\Common Files\ComObject\res\mathml.css
c:\program files\Common Files\ComObject\res\quirk.css
c:\program files\Common Files\ComObject\res\svg.css
c:\program files\Common Files\ComObject\res\table-add-column-after-active.gif
c:\program files\Common Files\ComObject\res\table-add-column-after-hover.gif
c:\program files\Common Files\ComObject\res\table-add-column-after.gif
c:\program files\Common Files\ComObject\res\table-add-column-before-active.gif
c:\program files\Common Files\ComObject\res\table-add-column-before-hover.gif
c:\program files\Common Files\ComObject\res\table-add-column-before.gif
c:\program files\Common Files\ComObject\res\table-add-row-after-active.gif
c:\program files\Common Files\ComObject\res\table-add-row-after-hover.gif
c:\program files\Common Files\ComObject\res\table-add-row-after.gif
c:\program files\Common Files\ComObject\res\table-add-row-before-active.gif
c:\program files\Common Files\ComObject\res\table-add-row-before-hover.gif
c:\program files\Common Files\ComObject\res\table-add-row-before.gif
c:\program files\Common Files\ComObject\res\table-remove-column-active.gif
c:\program files\Common Files\ComObject\res\table-remove-column-hover.gif
c:\program files\Common Files\ComObject\res\table-remove-column.gif
c:\program files\Common Files\ComObject\res\table-remove-row-active.gif
c:\program files\Common Files\ComObject\res\table-remove-row-hover.gif
c:\program files\Common Files\ComObject\res\table-remove-row.gif
c:\program files\Common Files\ComObject\res\ua.css
c:\program files\Common Files\ComObject\res\viewsource.css
c:\program files\Common Files\ComObject\res\wincharset.properties
c:\program files\Common Files\ComObject\searchplugins\amazondotcom.xml
c:\program files\Common Files\ComObject\searchplugins\answers.xml
c:\program files\Common Files\ComObject\searchplugins\creativecommons.xml
c:\program files\Common Files\ComObject\searchplugins\eBay.xml
c:\program files\Common Files\ComObject\searchplugins\google.xml
c:\program files\Common Files\ComObject\searchplugins\wikipedia.xml
c:\program files\Common Files\ComObject\searchplugins\yahoo.xml
c:\program files\Common Files\ComObject\smime3.dll
c:\program files\Common Files\ComObject\softokn3.chk
c:\program files\Common Files\ComObject\softokn3.dll
c:\program files\Common Files\ComObject\sq0.exe
c:\program files\Common Files\ComObject\sqlite3.dll
c:\program files\Common Files\ComObject\ssl3.dll
c:\program files\Common Files\ComObject\uninstall\helper.exe
c:\program files\Common Files\ComObject\update.locale
c:\program files\Common Files\ComObject\updater.ini
c:\program files\Common Files\ComObject\updatewin32.exe
c:\program files\Common Files\ComObject\xpcom.dll
c:\program files\Common Files\ComObject\xul.dll
c:\users\Administrator\AppData\Roaming\Local
c:\users\Public\Desktop\Search.lnk
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\isRS-000.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\123ff01.dll
c:\windows\system32\12b137d1.dll
c:\windows\system32\1326b1ae.dll
c:\windows\system32\1518a062.dll
c:\windows\system32\1527ef1c.dll
c:\windows\system32\154c7224.dll
c:\windows\system32\15fab922.dll
c:\windows\system32\172e8d1e.dll
c:\windows\system32\175ea104.dll
c:\windows\system32\19053af2.dll
c:\windows\system32\197f2b0.dll
c:\windows\system32\1af1d4ba.dll
c:\windows\system32\25443ff.dll
c:\windows\system32\26bafd8.dll
c:\windows\system32\26fe0a60.dll
c:\windows\system32\28fe240.dll
c:\windows\system32\29a6eb78.dll
c:\windows\system32\2b44edb2.dll
c:\windows\system32\2e45260.dll
c:\windows\system32\30a9d982.dll
c:\windows\system32\39097cc7.dll
c:\windows\system32\4cd553e.dll
c:\windows\system32\5915b80.dll
c:\windows\system32\6340f38.dll
c:\windows\system32\6f50a16.dll
c:\windows\system32\7b6ce9c.dll
c:\windows\system32\a7ef1d8.dll
c:\windows\system32\d1cd822.dll
c:\windows\system32\d375e80.dll
c:\windows\system32\drivers\200429017a5e0442.sys
c:\windows\system32\f66bbcf.dll
c:\windows\system32\SET55E4.tmp
c:\windows\system32\SET6371.tmp
c:\windows\system32\SET6BCE.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
-------\Legacy_200429017a5e0442
-------\Service_200429017a5e0442
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-09 to 2013-04-09  )))))))))))))))))))))))))))))))
.
.
2013-04-09 21:27 . 2013-04-09 21:55	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-04-09 21:27 . 2013-04-09 21:27	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-09 21:27 . 2013-04-09 21:27	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-09 21:27 . 2013-04-09 21:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-30 17:08 . 2013-03-30 17:08	--------	d-----w-	C:\_OTL
2013-03-17 14:47 . 2012-07-11 20:45	2474608	----a-w-	C:\Procmon.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 23:01 . 2011-05-19 00:51	602112	----a-w-	C:\OTL.exe
2009-11-20 00:08 . 2009-11-20 00:08	3749224	----a-w-	c:\program files\Common Files\adlmint_libFNP.dll
2009-11-20 00:08 . 2009-11-20 00:08	2941288	----a-w-	c:\program files\Common Files\adlmint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50	121528	----a-w-	d:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 13:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2012-06-06 16:32	1899144	----a-w-	g:\udk\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\steam.exe" [2013-03-29 1631144]
"NVIDIA nTune"="g:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
"V0510Mon.exe"="c:\windows\V0510Mon.exe" [2007-12-07 32768]
"PlusService"="d:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"TortoiseHgOverlayIconServer"="g:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-07-03 47880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll" [2008-04-05 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=mapledxp.dll
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2011-10-23 20:07	1044992	----a-w-	g:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-07-01 17:44	3077528	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-02-03 10:40	394984	----a-w-	d:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
Akamai	REG_MULTI_SZ   	Akamai
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:31]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbc.ca/news
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/news
FF - ExtSQL: 2013-03-10 14:04; {30E08C68-889E-11E0-95EF-DA7E4824019B}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-EvtMgr6 - d:\program files\Logitech\SetPointP\SetPoint.exe
AddRemove-ArnA 2: Combined Operations - g:\program files\ArmA 2\uninstall.exe
AddRemove-BattlEye for A2 - g:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-Fraps - d:\fraps\uninstall.exe
AddRemove-Hellfire - d:\sierra\HELLFIRE\Uninst.isu
AddRemove-Hisoutensoku English - d:\touhou games\th123 - Copy\uninstall_th123e.exe
AddRemove-1_is1 - d:\touhou games\ƒJƒXƒKƒ\ƒtƒg\–Z‚µ‚¢l‚Ì‚½‚ß‚Ì‚±‚¤‚Ü‚«‚傤\unins000.exe
AddRemove-4_is1 - d:\touhou games\ƒJƒXƒKƒ\ƒtƒg\–Z‚µ‚¢l‚Ì‚½‚߂̂悤‚悤‚ÞEXTRA\unins000.exe
AddRemove-JDIMJFPLIPJHJCIGIMIA - d:\touhou games\“Œ•û—’†Œ€\_uninst.exe
AddRemove-JDIMJFPLJHFGIJIDJAKCIKEF - d:\touhou games\thworld\_uninst.exe
AddRemove-Mumble - d:\program files\Mumble\Uninstall.exe
AddRemove-SWR English - d:\touhou games\Touhou 10.5 Scarlet Weather Rhapsody\uninstall_th105e.exe
AddRemove-TM Plot_is1 - g:\tm\TM Plot\unins000.exe
AddRemove-UDK-ebfcc32b-3229-4c5a-9cae-822c4c9f11cc - g:\udk\Whizzle\Binaries\UnSetup.exe
AddRemove-{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1 - d:\touhou games\Touhou 12.3 ~ Unthinkable Natural Law\unins000.exe
AddRemove-{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1 - d:\touhou games\Touhou 10.5 Scarlet Weather Rhapsody\unins000.exe
AddRemove-•sŽv‹c‚ÌŒ¶‘z‹½_is1 - d:\touhou games\•sŽv‹c‚ÌŒ¶‘z‹½\unins000.exe
AddRemove-ªˆÅ“`à_is1 - d:\touhou games\ªˆÅ“`à\unins000.exe
AddRemove-“Œ•û‘å‰^“®‰ï - d:\touhou games\“Œ•û‘å‰^“®‰ï\uninstall.exe
AddRemove-“Œ•ûŒ¶‘z–ƒ_is1 - d:\touhou games\“Œ•ûŒ¶‘z–ƒ\unins000.exe
AddRemove-ªF¤è¤f³U¾Ôª§EVO - d:\touhou games\ªF¤è¤f³U¾Ôª§EVO\uninstall.exe
AddRemove-GCalc 3 - c:\windows\system32\javaws.exe
.
.
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\G:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\G:/UDK/Perforce/P4VResources/p4ob.exe]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\08\05\05\03 $?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5116)
d:\program files\Xfire\xfire_toucan_45547.dll
g:\program files\TortoiseHg\ThgShellx86.dll
c:\windows\System32\Branding\folderbg\VistaFolderBackground.dll
d:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
d:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\program files\LogMeIn Hamachi\hamachi-2.exe
d:\program files\LogMeIn\x86\LMIGuardianSvc.exe
d:\program files\LogMeIn\x86\RaMaint.exe
d:\program files\LogMeIn\x86\LogMeIn.exe
g:\program files\Alias\Maya7.0\docs\wrapper.exe
g:\program files\NVIDIA Corporation\nTune\nTuneService.exe
g:\program files\Alias\Maya7.0\docs\jre\bin\java.exe
c:\windows\system32\conhost.exe
d:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
d:\program files\Xfire\Xfire.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-04-09  19:02:55 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-09 22:02
.
Pre-Run: 114,384,896 bytes free
Post-Run: 996,241,408 bytes free
.
- - End Of File - - 973610E91FAD5870B8ED1C5EBEDDA4EC


TDSSKiller log:

12:39:16.0898 2980  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:39:17.0250 2980  ============================================================
12:39:17.0250 2980  Current date / time: 2013/04/10 12:39:17.0250
12:39:17.0250 2980  SystemInfo:
12:39:17.0251 2980  
12:39:17.0251 2980  OS Version: 6.1.7600 ServicePack: 0.0
12:39:17.0251 2980  Product type: Workstation
12:39:17.0251 2980  ComputerName: HEAVENH-B8RJ5SH
12:39:17.0251 2980  UserName: Administrator
12:39:17.0251 2980  Windows directory: C:\Windows
12:39:17.0251 2980  System windows directory: C:\Windows
12:39:17.0251 2980  Processor architecture: Intel x86
12:39:17.0251 2980  Number of processors: 2
12:39:17.0251 2980  Page size: 0x1000
12:39:17.0251 2980  Boot type: Normal boot
12:39:17.0251 2980  ============================================================
12:39:18.0559 2980  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:39:18.0587 2980  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:39:18.0603 2980  ============================================================
12:39:18.0603 2980  \Device\Harddisk1\DR1:
12:39:18.0603 2980  MBR partitions:
12:39:18.0603 2980  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000000
12:39:18.0603 2980  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x30385000
12:39:18.0603 2980  \Device\Harddisk0\DR0:
12:39:18.0604 2980  MBR partitions:
12:39:18.0604 2980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
12:39:18.0604 2980  ============================================================
12:39:18.0679 2980  C: <-> \Device\Harddisk1\DR1\Partition1
12:39:18.0734 2980  D: <-> \Device\Harddisk1\DR1\Partition2
12:39:18.0810 2980  G: <-> \Device\Harddisk0\DR0\Partition1
12:39:18.0824 2980  ============================================================
12:39:18.0824 2980  Initialize success
12:39:18.0824 2980  ============================================================
12:40:15.0828 5992  ============================================================
12:40:15.0828 5992  Scan started
12:40:15.0828 5992  Mode: Manual; SigCheck; TDLFS; 
12:40:15.0828 5992  ============================================================
12:40:18.0351 5992  ================ Scan system memory ========================
12:40:18.0351 5992  System memory - ok
12:40:18.0352 5992  ================ Scan services =============================
12:40:18.0616 5992  [ BF02F806C873ABB04B197161E8E5A316 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:40:19.0333 5992  1394ohci - ok
12:40:19.0425 5992  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:40:19.0450 5992  ACPI - ok
12:40:19.0474 5992  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:40:19.0566 5992  AcpiPmi - ok
12:40:19.0594 5992  adfs - ok
12:40:19.0754 5992  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:40:19.0782 5992  AdobeARMservice - ok
12:40:19.0846 5992  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:40:19.0862 5992  adp94xx - ok
12:40:19.0890 5992  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:40:19.0903 5992  adpahci - ok
12:40:19.0936 5992  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:40:19.0947 5992  adpu320 - ok
12:40:19.0994 5992  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:40:20.0098 5992  AeLookupSvc - ok
12:40:20.0132 5992  [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD             C:\Windows\system32\drivers\afd.sys
12:40:20.0226 5992  AFD - ok
12:40:20.0256 5992  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:40:20.0265 5992  agp440 - ok
12:40:20.0305 5992  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:40:20.0315 5992  aic78xx - ok
12:40:20.0509 5992  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files\common files\akamai/netsession_win_ca0e279.dll
12:40:20.0509 5992  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
12:40:20.0518 5992  Akamai ( HiddenFile.Multi.Generic ) - warning
12:40:20.0518 5992  Akamai - detected HiddenFile.Multi.Generic (1)
12:40:20.0557 5992  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:40:20.0612 5992  ALG - ok
12:40:20.0631 5992  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:40:20.0640 5992  aliide - ok
12:40:20.0650 5992  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:40:20.0660 5992  amdagp - ok
12:40:20.0668 5992  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:40:20.0676 5992  amdide - ok
12:40:20.0699 5992  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:40:20.0796 5992  AmdK8 - ok
12:40:20.0817 5992  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:40:20.0850 5992  AmdPPM - ok
12:40:20.0868 5992  [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:40:20.0878 5992  amdsata - ok
12:40:20.0893 5992  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:40:20.0904 5992  amdsbs - ok
12:40:20.0910 5992  [ B81C2B5616F6420A9941EA093A92B150 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:40:20.0919 5992  amdxata - ok
12:40:20.0961 5992  [ D2BF422C2611632AFB9CE8F7B2A8C306 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
12:40:20.0984 5992  AmUStor ( UnsignedFile.Multi.Generic ) - warning
12:40:20.0984 5992  AmUStor - detected UnsignedFile.Multi.Generic (1)
12:40:21.0019 5992  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
12:40:21.0088 5992  AppID - ok
12:40:21.0128 5992  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:40:21.0174 5992  AppIDSvc - ok
12:40:21.0181 5992  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
12:40:21.0217 5992  Appinfo - ok
12:40:21.0239 5992  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:40:21.0287 5992  AppMgmt - ok
12:40:21.0299 5992  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
12:40:21.0309 5992  arc - ok
12:40:21.0317 5992  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:40:21.0328 5992  arcsas - ok
12:40:21.0487 5992  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:40:21.0536 5992  aspnet_state - ok
12:40:21.0580 5992  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
12:40:21.0683 5992  aswFsBlk - ok
12:40:21.0751 5992  [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:40:21.0765 5992  aswMonFlt - ok
12:40:21.0800 5992  [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
12:40:21.0810 5992  aswRdr - ok
12:40:21.0836 5992  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:40:21.0865 5992  aswSnx - ok
12:40:21.0896 5992  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:40:21.0911 5992  aswSP - ok
12:40:21.0917 5992  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
12:40:21.0926 5992  aswTdi - ok
12:40:21.0939 5992  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:40:21.0989 5992  AsyncMac - ok
12:40:22.0030 5992  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:40:22.0038 5992  atapi - ok
12:40:22.0089 5992  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:40:22.0155 5992  AudioEndpointBuilder - ok
12:40:22.0164 5992  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:40:22.0191 5992  Audiosrv - ok
12:40:22.0293 5992  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:40:22.0300 5992  avast! Antivirus - ok
12:40:22.0328 5992  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:40:22.0469 5992  AxInstSV - ok
12:40:22.0522 5992  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
12:40:22.0581 5992  b06bdrv - ok
12:40:22.0609 5992  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:40:22.0644 5992  b57nd60x - ok
12:40:22.0682 5992  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:40:22.0773 5992  BDESVC - ok
12:40:22.0781 5992  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:40:22.0804 5992  Beep - ok
12:40:22.0866 5992  [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService       C:\Program Files\Common Files\BattlEye\BEService.exe
12:40:22.0888 5992  BEService ( UnsignedFile.Multi.Generic ) - warning
12:40:22.0888 5992  BEService - detected UnsignedFile.Multi.Generic (1)
12:40:22.0950 5992  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
12:40:23.0024 5992  BFE - ok
12:40:23.0078 5992  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\system32\qmgr.dll
12:40:23.0140 5992  BITS - ok
12:40:23.0169 5992  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:40:23.0194 5992  blbdrive - ok
12:40:23.0255 5992  [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:40:23.0280 5992  Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
12:40:23.0280 5992  Bonjour Service - detected UnsignedFile.Multi.Generic (1)
12:40:23.0306 5992  [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:40:23.0330 5992  bowser - ok
12:40:23.0361 5992  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:40:23.0417 5992  BrFiltLo - ok
12:40:23.0456 5992  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:40:23.0480 5992  BrFiltUp - ok
12:40:23.0516 5992  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:40:23.0555 5992  BridgeMP - ok
12:40:23.0608 5992  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser         C:\Windows\System32\browser.dll
12:40:23.0633 5992  Browser - ok
12:40:23.0669 5992  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:40:23.0731 5992  Brserid - ok
12:40:23.0761 5992  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:40:23.0787 5992  BrSerWdm - ok
12:40:23.0810 5992  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:40:23.0839 5992  BrUsbMdm - ok
12:40:23.0859 5992  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:40:23.0870 5992  BrUsbSer - ok
12:40:23.0885 5992  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:40:23.0913 5992  BTHMODEM - ok
12:40:23.0952 5992  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:40:23.0993 5992  bthserv - ok
12:40:24.0112 5992  catchme - ok
12:40:24.0127 5992  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:40:24.0162 5992  cdfs - ok
12:40:24.0194 5992  [ 656D1EC977E3C5316A62DBBE52CB9663 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:40:24.0286 5992  cdrom - ok
12:40:24.0300 5992  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:40:24.0339 5992  CertPropSvc - ok
12:40:24.0390 5992  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:40:24.0445 5992  circlass - ok
12:40:24.0480 5992  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:40:24.0493 5992  CLFS - ok
12:40:24.0596 5992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:40:24.0701 5992  clr_optimization_v2.0.50727_32 - ok
12:40:24.0748 5992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:40:24.0928 5992  clr_optimization_v4.0.30319_32 - ok
12:40:24.0957 5992  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:40:24.0979 5992  CmBatt - ok
12:40:24.0985 5992  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:40:24.0994 5992  cmdide - ok
12:40:25.0019 5992  [ 1B675691ED940766149C93E8F4488D68 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:40:25.0085 5992  CNG - ok
12:40:25.0108 5992  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:40:25.0117 5992  Compbatt - ok
12:40:25.0143 5992  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:40:25.0156 5992  CompositeBus - ok
12:40:25.0172 5992  COMSysApp - ok
12:40:25.0207 5992  [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x32.sys
12:40:25.0214 5992  cpuz135 - ok
12:40:25.0228 5992  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:40:25.0237 5992  crcdisk - ok
12:40:25.0287 5992  [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:40:25.0334 5992  CryptSvc - ok
12:40:25.0361 5992  [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC             C:\Windows\system32\drivers\csc.sys
12:40:25.0515 5992  CSC - ok
12:40:25.0546 5992  [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService      C:\Windows\System32\cscsvc.dll
12:40:25.0617 5992  CscService - ok
12:40:25.0661 5992  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:40:25.0743 5992  DcomLaunch - ok
12:40:25.0769 5992  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:40:25.0809 5992  defragsvc - ok
12:40:25.0837 5992  [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:40:25.0875 5992  DfsC - ok
12:40:25.0913 5992  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:40:25.0961 5992  Dhcp - ok
12:40:25.0976 5992  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:40:26.0015 5992  discache - ok
12:40:26.0048 5992  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:40:26.0057 5992  Disk - ok
12:40:26.0097 5992  [ D0722E963D3C6145446874241401B209 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:40:26.0143 5992  Dnscache - ok
12:40:26.0167 5992  [ A8E0833D994D84936FA72EE1BEF4774F ] dot3svc         C:\Windows\System32\dot3svc.dll
12:40:26.0211 5992  dot3svc - ok
12:40:26.0225 5992  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
12:40:26.0266 5992  DPS - ok
12:40:26.0300 5992  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:40:26.0329 5992  drmkaud - ok
12:40:26.0382 5992  [ 70A6158C26386636675584D9205313A1 ] DS1410D         C:\Windows\system32\drivers\ds1410d.sys
12:40:26.0400 5992  Suspicious file (Forged): C:\Windows\system32\drivers\ds1410d.sys. Real md5: 70A6158C26386636675584D9205313A1, Fake md5: 90925A49F08443B17E62B41D13254EE7
12:40:26.0400 5992  DS1410D ( ForgedFile.Multi.Generic ) - warning
12:40:26.0400 5992  DS1410D - detected ForgedFile.Multi.Generic (1)
12:40:26.0465 5992  [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:40:26.0495 5992  DXGKrnl - ok
12:40:26.0510 5992  [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
12:40:26.0533 5992  E1G60 - ok
12:40:26.0554 5992  EagleNT - ok
12:40:26.0569 5992  EagleXNt - ok
12:40:26.0606 5992  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:40:26.0632 5992  EapHost - ok
12:40:26.0719 5992  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
12:40:26.0804 5992  ebdrv - ok
12:40:26.0834 5992  [ F42309C4191C506B71DB5D1126D26318 ] EFS             C:\Windows\System32\lsass.exe
12:40:26.0879 5992  EFS - ok
12:40:26.0900 5992  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:40:26.0917 5992  elxstor - ok
12:40:26.0968 5992  [ 7449750D231B0C4BD48C32399711D76B ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
12:40:26.0975 5992  epfwwfp - ok
12:40:26.0987 5992  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:40:27.0014 5992  ErrDev - ok
12:40:27.0048 5992  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:40:27.0076 5992  EventSystem - ok
12:40:27.0091 5992  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:40:27.0117 5992  exfat - ok
12:40:27.0130 5992  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:40:27.0167 5992  fastfat - ok
12:40:27.0210 5992  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
12:40:27.0295 5992  Fax - ok
12:40:27.0305 5992  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:40:27.0328 5992  fdc - ok
12:40:27.0355 5992  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:40:27.0392 5992  fdPHost - ok
12:40:27.0440 5992  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:40:27.0482 5992  FDResPub - ok
12:40:27.0505 5992  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:40:27.0515 5992  FileInfo - ok
12:40:27.0528 5992  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:40:27.0562 5992  Filetrace - ok
12:40:27.0688 5992  [ C623057D3905323F760A8B3C8523C072 ] FileZilla Server G:\Program Files\FileZilla Server\FileZilla Server.exe
12:40:27.0704 5992  FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
12:40:27.0704 5992  FileZilla Server - detected UnsignedFile.Multi.Generic (1)
12:40:27.0759 5992  [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:40:27.0798 5992  FLEXnet Licensing Service - ok
12:40:27.0826 5992  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:40:27.0855 5992  flpydisk - ok
12:40:27.0882 5992  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:40:27.0894 5992  FltMgr - ok
12:40:27.0940 5992  [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache       C:\Windows\system32\FntCache.dll
12:40:28.0002 5992  FontCache - ok
12:40:28.0077 5992  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:40:28.0085 5992  FontCache3.0.0.0 - ok
12:40:28.0098 5992  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:40:28.0107 5992  FsDepends - ok
12:40:28.0114 5992  [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:40:28.0123 5992  Fs_Rec - ok
12:40:28.0174 5992  [ 8142D5D886829B9876CB93AF59475C09 ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
12:40:28.0181 5992  FTDIBUS - ok
12:40:28.0213 5992  [ 63D72A4CF9F163B59DB0CEED940A7D76 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
12:40:28.0220 5992  FTSER2K - ok
12:40:28.0235 5992  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:40:28.0248 5992  fvevol - ok
12:40:28.0271 5992  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:40:28.0281 5992  gagp30kx - ok
12:40:28.0324 5992  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
12:40:28.0370 5992  gpsvc - ok
12:40:28.0489 5992  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9e9c75b191954 C:\Program Files\Google\Update\GoogleUpdate.exe
12:40:28.0497 5992  gupdate1c9e9c75b191954 - ok
12:40:28.0506 5992  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:40:28.0512 5992  gupdatem - ok
12:40:28.0548 5992  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
12:40:28.0575 5992  hamachi - ok
12:40:28.0687 5992  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc     D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
12:40:28.0739 5992  Hamachi2Svc - ok
12:40:28.0812 5992  [ D95554949082FD29A04D351B58396718 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
12:40:28.0927 5992  hardlock - ok
12:40:28.0965 5992  [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt          C:\Windows\system32\drivers\Haspnt.sys
12:40:28.0970 5992  Haspnt ( UnsignedFile.Multi.Generic ) - warning
12:40:28.0970 5992  Haspnt - detected UnsignedFile.Multi.Generic (1)
12:40:28.0981 5992  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:40:29.0018 5992  hcw85cir - ok
12:40:29.0050 5992  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:40:29.0115 5992  HdAudAddService - ok
12:40:29.0141 5992  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:40:29.0166 5992  HDAudBus - ok
12:40:29.0189 5992  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:40:29.0215 5992  HidBatt - ok
12:40:29.0237 5992  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:40:29.0267 5992  HidBth - ok
12:40:29.0294 5992  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:40:29.0324 5992  HidIr - ok
12:40:29.0353 5992  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
12:40:29.0391 5992  hidserv - ok
12:40:29.0453 5992  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:40:29.0520 5992  HidUsb - ok
12:40:29.0550 5992  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:40:29.0591 5992  hkmsvc - ok
12:40:29.0616 5992  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:40:29.0684 5992  HomeGroupListener - ok
12:40:29.0732 5992  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:40:29.0748 5992  HomeGroupProvider - ok
12:40:29.0807 5992  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:40:29.0817 5992  HpSAMD - ok
12:40:29.0848 5992  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:40:29.0899 5992  HTTP - ok
12:40:29.0917 5992  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:40:29.0925 5992  hwpolicy - ok
12:40:29.0947 5992  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:40:29.0974 5992  i8042prt - ok
12:40:30.0001 5992  [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:40:30.0016 5992  iaStorV - ok
12:40:30.0097 5992  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:40:30.0105 5992  IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:40:30.0105 5992  IDriverT - detected UnsignedFile.Multi.Generic (1)
12:40:30.0185 5992  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:40:30.0214 5992  idsvc - ok
12:40:30.0243 5992  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:40:30.0252 5992  iirsp - ok
12:40:30.0295 5992  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:40:30.0338 5992  IKEEXT - ok
12:40:30.0500 5992  [ 0DBEF9CD5A2CD71240DD5AFCEE56D073 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:40:30.0605 5992  IntcAzAudAddService - ok
12:40:30.0620 5992  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:40:30.0629 5992  intelide - ok
12:40:30.0640 5992  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:40:30.0664 5992  intelppm - ok
12:40:30.0693 5992  [ E2C2CE489356943C1922B8353DCDAD05 ] ioatdma         C:\Windows\System32\Drivers\qd26032.sys
12:40:30.0700 5992  ioatdma - ok
12:40:30.0735 5992  [ C4317DA9066EF0678DB2B68492523B38 ] ioatdma1        C:\Windows\System32\Drivers\qd16032.sys
12:40:30.0742 5992  ioatdma1 - ok
12:40:30.0755 5992  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:40:30.0796 5992  IPBusEnum - ok
12:40:30.0814 5992  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:40:30.0838 5992  IpFilterDriver - ok
12:40:30.0885 5992  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:40:30.0941 5992  iphlpsvc - ok
12:40:30.0974 5992  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:40:31.0004 5992  IPMIDRV - ok
12:40:31.0023 5992  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:40:31.0062 5992  IPNAT - ok
12:40:31.0085 5992  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:40:31.0115 5992  IRENUM - ok
12:40:31.0132 5992  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:40:31.0141 5992  isapnp - ok
12:40:31.0171 5992  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:40:31.0183 5992  iScsiPrt - ok
12:40:31.0221 5992  [ 2247354A4D999C9CBB4D61B2A27576B9 ] iSSetup         C:\Windows\system32\DRIVERS\iSSetup.sys
12:40:31.0298 5992  iSSetup - ok
12:40:31.0325 5992  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:40:31.0335 5992  kbdclass - ok
12:40:31.0352 5992  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:40:31.0378 5992  kbdhid - ok
12:40:31.0458 5992  [ F42309C4191C506B71DB5D1126D26318 ] KeyIso          C:\Windows\system32\lsass.exe
12:40:31.0471 5992  KeyIso - ok
12:40:31.0504 5992  [ E36A061EC11B373826905B21BE10948F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:40:31.0514 5992  KSecDD - ok
12:40:31.0545 5992  [ C1F278A8151CACEB89BADAF336E37740 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:40:31.0556 5992  KSecPkg - ok
12:40:31.0597 5992  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:40:31.0662 5992  KtmRm - ok
12:40:31.0691 5992  [ 8C804B1FFAD1EFA952B747E8285C3B76 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
12:40:31.0717 5992  L1E - ok
12:40:31.0764 5992  [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:40:31.0794 5992  LanmanServer - ok
12:40:31.0824 5992  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:40:31.0853 5992  LanmanWorkstation - ok
12:40:31.0864 5992  LBTServ - ok
12:40:31.0902 5992  [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
12:40:31.0909 5992  LGBusEnum - ok
12:40:31.0942 5992  [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
12:40:31.0949 5992  LGVirHid - ok
12:40:31.0985 5992  [ B68309F25C5787385DA842EB5B496958 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:40:31.0992 5992  LHidFilt - ok
12:40:32.0020 5992  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:40:32.0061 5992  lltdio - ok
12:40:32.0097 5992  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:40:32.0141 5992  lltdsvc - ok
12:40:32.0162 5992  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:40:32.0201 5992  lmhosts - ok
12:40:32.0305 5992  [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc  D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
12:40:32.0317 5992  LMIGuardianSvc - ok
12:40:32.0398 5992  [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo         D:\Program Files\LogMeIn\x86\RaInfo.sys
12:40:32.0440 5992  LMIInfo - ok
12:40:32.0472 5992  [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint        D:\Program Files\LogMeIn\x86\RaMaint.exe
12:40:32.0480 5992  LMIMaint - ok
12:40:32.0525 5992  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
12:40:32.0532 5992  lmimirr - ok
12:40:32.0537 5992  LMIRfsClientNP - ok
12:40:32.0560 5992  [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
12:40:32.0567 5992  LMIRfsDriver - ok
12:40:32.0579 5992  [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:40:32.0585 5992  LMouFilt - ok
12:40:32.0649 5992  [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn         D:\Program Files\LogMeIn\x86\LogMeIn.exe
12:40:32.0661 5992  LogMeIn - ok
12:40:32.0722 5992  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:40:32.0732 5992  LSI_FC - ok
12:40:32.0752 5992  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:40:32.0762 5992  LSI_SAS - ok
12:40:32.0772 5992  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:40:32.0782 5992  LSI_SAS2 - ok
12:40:32.0795 5992  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:40:32.0805 5992  LSI_SCSI - ok
12:40:32.0817 5992  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:40:32.0857 5992  luafv - ok
12:40:32.0887 5992  [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
12:40:32.0894 5992  LUsbFilt - ok
12:40:32.0925 5992  [ 71FB2C9D23E62D42F7A8AF56E5DD8414 ] mapledxp        C:\Windows\System32\drivers\mapledxp.SYS
12:40:32.0945 5992  mapledxp ( UnsignedFile.Multi.Generic ) - warning
12:40:32.0946 5992  mapledxp - detected UnsignedFile.Multi.Generic (1)
12:40:33.0011 5992  [ C049EF30ACE3E2BEEBC41E37FE4BB2A1 ] maya70docserver G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
12:40:33.0030 5992  maya70docserver ( UnsignedFile.Multi.Generic ) - warning
12:40:33.0030 5992  maya70docserver - detected UnsignedFile.Multi.Generic (1)
12:40:33.0061 5992  [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
12:40:33.0080 5992  mcdbus ( UnsignedFile.Multi.Generic ) - warning
12:40:33.0080 5992  mcdbus - detected UnsignedFile.Multi.Generic (1)
12:40:33.0095 5992  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:40:33.0104 5992  megasas - ok
12:40:33.0120 5992  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:40:33.0133 5992  MegaSR - ok
12:40:33.0251 5992  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2010_32 C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
12:40:33.0274 5992  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - warning
12:40:33.0274 5992  mi-raysat_3dsmax2010_32 - detected UnsignedFile.Multi.Generic (1)
12:40:33.0350 5992  [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:40:33.0366 5992  Microsoft Office Groove Audit Service - ok
12:40:33.0418 5992  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:40:33.0475 5992  MMCSS - ok
12:40:33.0492 5992  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:40:33.0517 5992  Modem - ok
12:40:33.0525 5992  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:40:33.0550 5992  monitor - ok
12:40:33.0572 5992  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:40:33.0582 5992  mouclass - ok
12:40:33.0610 5992  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:40:33.0634 5992  mouhid - ok
12:40:33.0652 5992  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:40:33.0662 5992  mountmgr - ok
12:40:33.0724 5992  [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:40:33.0734 5992  MozillaMaintenance - ok
12:40:33.0748 5992  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:40:33.0759 5992  mpio - ok
12:40:33.0769 5992  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:40:33.0803 5992  mpsdrv - ok
12:40:33.0851 5992  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:40:33.0893 5992  MpsSvc - ok
12:40:33.0903 5992  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:40:33.0918 5992  MRxDAV - ok
12:40:33.0956 5992  [ 9E5DD4EF01AED723ABF5342EF23FF012 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:40:33.0985 5992  mrxsmb - ok
12:40:34.0001 5992  [ 6532ACBF612A8D340EF9E25E4FEF21EE ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:40:34.0032 5992  mrxsmb10 - ok
12:40:34.0052 5992  [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:40:34.0076 5992  mrxsmb20 - ok
12:40:34.0090 5992  [ BB14A640E7F234F260D1AA19A60CF960 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:40:34.0122 5992  msahci - ok
12:40:34.0158 5992  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:40:34.0169 5992  msdsm - ok
12:40:34.0185 5992  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:40:34.0212 5992  MSDTC - ok
12:40:34.0234 5992  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:40:34.0257 5992  Msfs - ok
12:40:34.0267 5992  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:40:34.0302 5992  mshidkmdf - ok
12:40:34.0319 5992  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:40:34.0328 5992  msisadrv - ok
12:40:34.0371 5992  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:40:34.0456 5992  MSiSCSI - ok
12:40:34.0462 5992  msiserver - ok
12:40:34.0484 5992  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:40:34.0519 5992  MSKSSRV - ok
12:40:34.0565 5992  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:40:34.0605 5992  MSPCLOCK - ok
12:40:34.0620 5992  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:40:34.0661 5992  MSPQM - ok
12:40:34.0684 5992  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:40:34.0696 5992  MsRPC - ok
12:40:34.0733 5992  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:40:34.0742 5992  mssmbios - ok
12:40:34.0801 5992  MSSQL$SQLEXPRESS - ok
12:40:34.0882 5992  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:40:34.0910 5992  MSSQLServerADHelper100 - ok
12:40:34.0915 5992  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:40:34.0938 5992  MSTEE - ok
12:40:34.0952 5992  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:40:34.0975 5992  MTConfig - ok
12:40:35.0027 5992  [ DCDAAB8697A47894A554050CE18D0B56 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
12:40:35.0084 5992  MTsensor - ok
12:40:35.0099 5992  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:40:35.0108 5992  Mup - ok
12:40:35.0150 5992  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
12:40:35.0204 5992  napagent - ok
12:40:35.0246 5992  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:40:35.0281 5992  NativeWifiP - ok
12:40:35.0311 5992  [ 779E9149D3662ED6BEB58A67E3C775F4 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:40:35.0341 5992  NDIS - ok
12:40:35.0369 5992  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:40:35.0467 5992  NdisCap - ok
12:40:35.0489 5992  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:40:35.0513 5992  NdisTapi - ok
12:40:35.0529 5992  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:40:35.0553 5992  Ndisuio - ok
12:40:35.0567 5992  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:40:35.0602 5992  NdisWan - ok
12:40:35.0626 5992  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:40:35.0650 5992  NDProxy - ok
12:40:35.0663 5992  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:40:35.0687 5992  NetBIOS - ok
12:40:35.0698 5992  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:40:35.0739 5992  NetBT - ok
12:40:35.0758 5992  [ F42309C4191C506B71DB5D1126D26318 ] Netlogon        C:\Windows\system32\lsass.exe
12:40:35.0771 5992  Netlogon - ok
12:40:35.0822 5992  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:40:35.0879 5992  Netman - ok
12:40:35.0938 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:40:35.0980 5992  NetMsmqActivator - ok
12:40:35.0995 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:40:36.0002 5992  NetPipeActivator - ok
12:40:36.0024 5992  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:40:36.0078 5992  netprofm - ok
12:40:36.0095 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:40:36.0103 5992  NetTcpActivator - ok
12:40:36.0108 5992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:40:36.0117 5992  NetTcpPortSharing - ok
12:40:36.0137 5992  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:40:36.0147 5992  nfrd960 - ok
12:40:36.0164 5992  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:40:36.0194 5992  NlaSvc - ok
12:40:36.0268 5992  [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
12:40:36.0275 5992  nosGetPlusHelper - ok
12:40:36.0293 5992  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:40:36.0326 5992  Npfs - ok
12:40:36.0352 5992  npggsvc - ok
12:40:36.0425 5992  [ BBC47A2E02BE7DEAA8ED514AAB4F1FAF ] NPPTNT2         C:\Windows\system32\npptNT2.sys
12:40:36.0457 5992  NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
12:40:36.0457 5992  NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
12:40:36.0479 5992  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:40:36.0505 5992  nsi - ok
12:40:36.0510 5992  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:40:36.0548 5992  nsiproxy - ok
12:40:36.0597 5992  [ 3795DCD21F740EE799FB7223234215AF ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:40:36.0640 5992  Ntfs - ok
12:40:36.0679 5992  nTuneService - ok
12:40:36.0691 5992  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:40:36.0715 5992  Null - ok
12:40:36.0921 5992  [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:40:37.0200 5992  nvlddmkm - ok
12:40:37.0242 5992  [ 9CE1B0E5CFA8223CEC3BE1C7616E9F63 ] NVR0Dev         C:\Windows\nvoclock.sys
12:40:37.0263 5992  NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
12:40:37.0263 5992  NVR0Dev - detected UnsignedFile.Multi.Generic (1)
12:40:37.0313 5992  [ A73F918EC995DDDBFB0D0CF1F546089A ] NVR0FLASHDev    C:\Windows\nvflash.sys
12:40:37.0320 5992  NVR0FLASHDev - ok
12:40:37.0336 5992  [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:40:37.0347 5992  nvraid - ok
12:40:37.0360 5992  [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:40:37.0410 5992  nvstor - ok
12:40:37.0468 5992  [ 782945716AD010AC3D41758E8E52C735 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:40:37.0496 5992  nvsvc - ok
12:40:37.0582 5992  [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:40:37.0625 5992  nvUpdatusService - ok
12:40:37.0640 5992  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:40:37.0651 5992  nv_agp - ok
12:40:37.0663 5992  [ 908593EAC1FFE529FE760B0A378B3600 ] O2MDRDR         C:\Windows\system32\DRIVERS\o2media.sys
12:40:37.0670 5992  O2MDRDR - ok
12:40:37.0683 5992  [ E5E4F48A17CDD4683936B06563BA1C51 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sd.sys
12:40:37.0690 5992  O2SDRDR - ok
12:40:37.0784 5992  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:40:37.0799 5992  odserv - ok
12:40:37.0816 5992  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:40:37.0851 5992  ohci1394 - ok
12:40:37.0892 5992  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:40:37.0902 5992  ose - ok
12:40:37.0947 5992  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:40:38.0011 5992  p2pimsvc - ok
12:40:38.0045 5992  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:40:38.0084 5992  p2psvc - ok
12:40:38.0134 5992  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
12:40:38.0158 5992  Parport - ok
12:40:38.0176 5992  [ FF4218952B51DE44FE910953A3E686B9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:40:38.0186 5992  partmgr - ok
12:40:38.0199 5992  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:40:38.0227 5992  Parvdm - ok
12:40:38.0248 5992  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:40:38.0267 5992  PcaSvc - ok
12:40:38.0281 5992  [ 80A4748A0304715C29093311795AC448 ] pci             C:\Windows\system32\drivers\pci.sys
12:40:38.0292 5992  pci - ok
12:40:38.0305 5992  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:40:38.0314 5992  pciide - ok
12:40:38.0330 5992  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:40:38.0342 5992  pcmcia - ok
12:40:38.0356 5992  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:40:38.0365 5992  pcw - ok
12:40:38.0449 5992  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:40:38.0502 5992  PEAUTH - ok
12:40:38.0539 5992  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:40:38.0619 5992  PeerDistSvc - ok
12:40:38.0667 5992  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
12:40:38.0732 5992  pla - ok
12:40:38.0766 5992  [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:40:38.0818 5992  PlugPlay - ok
12:40:38.0869 5992  [ 19E83B09AB8EE1D837665DA941E2AC44 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
12:40:38.0880 5992  PnkBstrA - ok
12:40:38.0893 5992  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:40:38.0924 5992  PNRPAutoReg - ok
12:40:38.0947 5992  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:40:38.0964 5992  PNRPsvc - ok
12:40:39.0001 5992  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:40:39.0046 5992  PolicyAgent - ok
12:40:39.0071 5992  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
12:40:39.0100 5992  Power - ok
12:40:39.0119 5992  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:40:39.0159 5992  PptpMiniport - ok
12:40:39.0182 5992  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
12:40:39.0195 5992  Processor - ok
12:40:39.0241 5992  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc         C:\Windows\system32\profsvc.dll
12:40:39.0270 5992  ProfSvc - ok
12:40:39.0283 5992  [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:40:39.0312 5992  ProtectedStorage - ok
12:40:39.0358 5992  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:40:39.0412 5992  Psched - ok
12:40:39.0473 5992  [ BCF8D075FAD718FEA8EF6E281331A56E ] PStrip          C:\Windows\system32\drivers\pstrip.sys
12:40:39.0481 5992  PStrip - ok
12:40:39.0519 5992  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:40:39.0564 5992  ql2300 - ok
12:40:39.0581 5992  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:40:39.0591 5992  ql40xx - ok
12:40:39.0609 5992  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:40:39.0653 5992  QWAVE - ok
12:40:39.0671 5992  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:40:39.0685 5992  QWAVEdrv - ok
12:40:39.0700 5992  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:40:39.0736 5992  RasAcd - ok
12:40:39.0769 5992  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:40:39.0793 5992  RasAgileVpn - ok
12:40:39.0802 5992  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:40:39.0830 5992  RasAuto - ok
12:40:39.0848 5992  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:40:39.0892 5992  Rasl2tp - ok
12:40:39.0954 5992  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
12:40:40.0034 5992  RasMan - ok
12:40:40.0066 5992  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:40:40.0102 5992  RasPppoe - ok
12:40:40.0119 5992  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:40:40.0160 5992  RasSstp - ok
12:40:40.0181 5992  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:40:40.0228 5992  rdbss - ok
12:40:40.0282 5992  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:40:40.0295 5992  rdpbus - ok
12:40:40.0304 5992  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:40:40.0327 5992  RDPCDD - ok
12:40:40.0350 5992  [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:40:40.0436 5992  RDPDR - ok
12:40:40.0474 5992  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:40:40.0498 5992  RDPENCDD - ok
12:40:40.0509 5992  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:40:40.0545 5992  RDPREFMP - ok
12:40:40.0560 5992  [ 801371BA9782282892D00AADB08EE367 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:40:40.0599 5992  RDPWD - ok
12:40:40.0618 5992  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:40:40.0629 5992  rdyboost - ok
12:40:40.0665 5992  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:40:40.0708 5992  RemoteAccess - ok
12:40:40.0741 5992  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:40:40.0769 5992  RemoteRegistry - ok
12:40:40.0805 5992  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
12:40:40.0846 5992  rimmptsk - ok
12:40:40.0861 5992  [ AF213955C4D952C914620E8DB0CD0CF7 ] rimspci         C:\Windows\system32\DRIVERS\rimspe86.sys
12:40:40.0913 5992  rimspci - ok
12:40:40.0935 5992  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
12:40:40.0978 5992  rimsptsk - ok
12:40:40.0995 5992  [ 6978DECC2C38C5CE10A8B0F2B12F4451 ] risdpcie        C:\Windows\system32\DRIVERS\risdpe86.sys
12:40:41.0037 5992  risdpcie - ok
12:40:41.0061 5992  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
12:40:41.0081 5992  rismxdp - ok
12:40:41.0096 5992  [ 764C1F3453E779724BA647327DE7DDD4 ] rixdpcie        C:\Windows\system32\DRIVERS\rixdpe86.sys
12:40:41.0115 5992  rixdpcie - ok
12:40:41.0133 5992  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:40:41.0169 5992  RpcEptMapper - ok
12:40:41.0205 5992  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:40:41.0220 5992  RpcLocator - ok
12:40:41.0236 5992  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\System32\rpcss.dll
12:40:41.0266 5992  RpcSs - ok
12:40:41.0305 5992  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
12:40:41.0316 5992  RsFx0103 - ok
12:40:41.0351 5992  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:40:41.0376 5992  rspndr - ok
12:40:41.0440 5992  [ 83F7A29B659771E60CD71999EF57AA0C ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:40:41.0467 5992  RSUSBSTOR - ok
12:40:41.0509 5992  [ 25C91EE1BE0C0CFA79696A2D0B47AA43 ] RTL8187         C:\Windows\system32\DRIVERS\RTL8187.sys
12:40:41.0578 5992  RTL8187 - ok
12:40:41.0607 5992  [ 702A60ACC6C067CC3F688C801A1F76E1 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
12:40:41.0674 5992  RTSTOR - ok
12:40:41.0730 5992  [ 5423D8437051E89DD34749F242C98648 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:40:41.0783 5992  s3cap - ok
12:40:41.0792 5992  [ F42309C4191C506B71DB5D1126D26318 ] SamSs           C:\Windows\system32\lsass.exe
12:40:41.0805 5992  SamSs - ok
12:40:41.0863 5992  [ 0E5A3D6B8362D7B44DBF56ACD2C090CE ] SbieDrv         D:\Program Files\Sandboxie\SbieDrv.sys
12:40:41.0873 5992  SbieDrv - ok
12:40:41.0901 5992  [ DE28C8DE65E2E166D1983BDDCE87FBCE ] SbieSvc         D:\Program Files\Sandboxie\SbieSvc.exe
12:40:41.0908 5992  SbieSvc - ok
12:40:41.0926 5992  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:40:41.0936 5992  sbp2port - ok
12:40:41.0972 5992  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:40:42.0001 5992  SCardSvr - ok
12:40:42.0016 5992  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:40:42.0055 5992  scfilter - ok
12:40:42.0088 5992  [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule        C:\Windows\system32\schedsvc.dll
12:40:42.0141 5992  Schedule - ok
12:40:42.0174 5992  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:40:42.0198 5992  SCPolicySvc - ok
12:40:42.0212 5992  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:40:42.0262 5992  SDRSVC - ok
12:40:42.0348 5992  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:40:42.0359 5992  SeaPort - ok
12:40:42.0399 5992  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:40:42.0461 5992  seclogon - ok
12:40:42.0490 5992  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
12:40:42.0518 5992  SENS - ok
12:40:42.0531 5992  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:40:42.0578 5992  SensrSvc - ok
12:40:42.0638 5992  [ 8627C992B8A80504FC477B2E8FF8EC4F ] Sentinel        C:\Windows\System32\Drivers\SENTINEL.SYS
12:40:42.0644 5992  Sentinel ( UnsignedFile.Multi.Generic ) - warning
12:40:42.0644 5992  Sentinel - detected UnsignedFile.Multi.Generic (1)
12:40:42.0680 5992  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:40:42.0692 5992  Serenum - ok
12:40:42.0703 5992  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:40:42.0715 5992  Serial - ok
12:40:42.0741 5992  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:40:42.0771 5992  sermouse - ok
12:40:42.0805 5992  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
12:40:42.0848 5992  SessionEnv - ok
12:40:42.0853 5992  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:40:42.0899 5992  sffdisk - ok
12:40:42.0904 5992  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:40:42.0915 5992  sffp_mmc - ok
12:40:42.0920 5992  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:40:42.0932 5992  sffp_sd - ok
12:40:42.0947 5992  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:40:42.0972 5992  sfloppy - ok
12:40:43.0036 5992  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:40:43.0077 5992  SharedAccess - ok
12:40:43.0105 5992  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:40:43.0153 5992  ShellHWDetection - ok
12:40:43.0171 5992  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:40:43.0181 5992  sisagp - ok
12:40:43.0207 5992  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:40:43.0217 5992  SiSRaid2 - ok
12:40:43.0234 5992  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:40:43.0244 5992  SiSRaid4 - ok
12:40:43.0256 5992  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:40:43.0292 5992  Smb - ok
12:40:43.0348 5992  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:40:43.0382 5992  SNMPTRAP - ok
12:40:43.0470 5992  [ 87F799C486302ACEFF098E067D481D9C ] Sntnlusb        C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
12:40:43.0475 5992  Sntnlusb ( UnsignedFile.Multi.Generic ) - warning
12:40:43.0475 5992  Sntnlusb - detected UnsignedFile.Multi.Generic (1)
12:40:43.0514 5992  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:40:43.0523 5992  spldr - ok
12:40:43.0568 5992  [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler         C:\Windows\System32\spoolsv.exe
12:40:43.0598 5992  Spooler - ok
12:40:43.0663 5992  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:40:43.0773 5992  sppsvc - ok
12:40:43.0795 5992  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:40:43.0834 5992  sppuinotify - ok
12:40:43.0872 5992  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
12:40:43.0901 5992  sptd - ok
12:40:43.0933 5992  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
12:40:43.0981 5992  SQLAgent$SQLEXPRESS - ok
12:40:44.0037 5992  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:40:44.0048 5992  SQLBrowser - ok
12:40:44.0094 5992  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:40:44.0102 5992  SQLWriter - ok
12:40:44.0133 5992  [ 50A83CA406C808BD35AC9141A0C7618F ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:40:44.0173 5992  srv - ok
12:40:44.0190 5992  [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:40:44.0234 5992  srv2 - ok
12:40:44.0255 5992  [ BD1433A32792FD0DC450479094FC435A ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:40:44.0278 5992  srvnet - ok
12:40:44.0311 5992  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:40:44.0340 5992  SSDPSRV - ok
12:40:44.0348 5992  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:40:44.0393 5992  SstpSvc - ok
12:40:44.0423 5992  StarOpen - ok
12:40:44.0473 5992  Steam Client Service - ok
12:40:44.0519 5992  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:40:44.0532 5992  Stereo Service - ok
12:40:44.0548 5992  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:40:44.0557 5992  stexstor - ok
12:40:44.0601 5992  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:40:44.0643 5992  StiSvc - ok
12:40:44.0670 5992  [ 957E346CA948668F2496A6CCF6FF82CC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:40:44.0679 5992  storflt - ok
12:40:44.0692 5992  [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:40:44.0702 5992  storvsc - ok
12:40:44.0712 5992  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:40:44.0721 5992  swenum - ok
12:40:44.0829 5992  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:40:44.0856 5992  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:40:44.0856 5992  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:40:44.0876 5992  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:40:44.0934 5992  swprv - ok
12:40:44.0984 5992  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
12:40:45.0043 5992  SysMain - ok
12:40:45.0083 5992  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:40:45.0126 5992  TabletInputService - ok
12:40:45.0166 5992  [ B7AEE68D2E867CBF69B649B18FCEDBBB ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
12:40:45.0203 5992  tap0901t ( UnsignedFile.Multi.Generic ) - warning
12:40:45.0203 5992  tap0901t - detected UnsignedFile.Multi.Generic (1)
12:40:45.0223 5992  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:40:45.0277 5992  TapiSrv - ok
12:40:45.0300 5992  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:40:45.0338 5992  TBS - ok
12:40:45.0440 5992  [ A1EDFAE89BC8956C925B99950E3558AD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:40:45.0484 5992  Tcpip - ok
12:40:45.0508 5992  [ A1EDFAE89BC8956C925B99950E3558AD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:40:45.0533 5992  TCPIP6 - ok
12:40:45.0569 5992  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:40:45.0615 5992  tcpipreg - ok
12:40:45.0640 5992  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:40:45.0681 5992  TDPIPE - ok
12:40:45.0700 5992  [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:40:45.0723 5992  TDTCP - ok
12:40:45.0749 5992  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:40:45.0788 5992  tdx - ok
12:40:45.0809 5992  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:40:45.0818 5992  TermDD - ok
12:40:45.0837 5992  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
12:40:45.0879 5992  TermService - ok
12:40:45.0913 5992  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:40:45.0943 5992  Themes - ok
12:40:45.0960 5992  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:40:45.0987 5992  THREADORDER - ok
12:40:46.0000 5992  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:40:46.0044 5992  TrkWks - ok
12:40:46.0095 5992  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:40:46.0109 5992  TrustedInstaller - ok
12:40:46.0123 5992  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:40:46.0147 5992  tssecsrv - ok
12:40:46.0158 5992  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:40:46.0183 5992  tunnel - ok
12:40:46.0271 5992  [ F8302E3E534AF5E3F2588A974BEA80DF ] TunngleService  G:\Program Files\Tunngle\TnglCtrl.exe
12:40:46.0317 5992  TunngleService ( UnsignedFile.Multi.Generic ) - warning
12:40:46.0317 5992  TunngleService - detected UnsignedFile.Multi.Generic (1)
12:40:46.0336 5992  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:40:46.0346 5992  uagp35 - ok
12:40:46.0366 5992  [ EB0A7BD4D471AC3CE55564A4C55B9D8E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:40:46.0477 5992  udfs - ok
12:40:46.0497 5992  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:40:46.0530 5992  UI0Detect - ok
12:40:46.0565 5992  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:40:46.0575 5992  uliagpkx - ok
12:40:46.0599 5992  [ 71BBF3E8078D585ABF27411A8986EB95 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:40:46.0628 5992  umbus - ok
12:40:46.0657 5992  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:40:46.0678 5992  UmPass - ok
12:40:46.0700 5992  [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:40:46.0719 5992  UmRdpService - ok
12:40:46.0761 5992  UpdateCenterService - ok
12:40:46.0773 5992  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:40:46.0823 5992  upnphost - ok
12:40:46.0875 5992  [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:40:46.0907 5992  usbaudio - ok
12:40:46.0924 5992  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:40:46.0970 5992  usbccgp - ok
12:40:46.0986 5992  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:40:47.0000 5992  usbcir - ok
12:40:47.0013 5992  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:40:47.0040 5992  usbehci - ok
12:40:47.0063 5992  [ 0DB84EDA895894BA222E27ACF597C806 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:40:47.0080 5992  usbhub - ok
12:40:47.0095 5992  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:40:47.0107 5992  usbohci - ok
12:40:47.0112 5992  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
12:40:47.0141 5992  usbprint - ok
12:40:47.0160 5992  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:40:47.0181 5992  USBSTOR - ok
12:40:47.0198 5992  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:40:47.0210 5992  usbuhci - ok
12:40:47.0255 5992  [ 524D8D450622DB4A7875B111C299A76B ] utqymjgy        C:\Windows\system32\Drivers\utqymjgy.sys
12:40:47.0281 5992  utqymjgy ( UnsignedFile.Multi.Generic ) - warning
12:40:47.0281 5992  utqymjgy - detected UnsignedFile.Multi.Generic (1)
12:40:47.0318 5992  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:40:47.0346 5992  UxSms - ok
12:40:47.0463 5992  [ 004415A34B5DC881EAEFB860C4B22C24 ] V0510Dev        C:\Windows\system32\DRIVERS\V0510Vid.sys
12:40:47.0524 5992  V0510Dev - ok
12:40:47.0562 5992  [ 86326062A90494BDD79CE383511D7D69 ] V0510Vfx        C:\Windows\system32\DRIVERS\V0510Vfx.sys
12:40:47.0582 5992  V0510Vfx - ok
12:40:47.0587 5992  [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc        C:\Windows\system32\lsass.exe
12:40:47.0600 5992  VaultSvc - ok
12:40:47.0621 5992  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:40:47.0631 5992  vdrvroot - ok
12:40:47.0649 5992  [ 03E73018549D1A2906E6356FE3BD31D4 ] vds             C:\Windows\System32\vds.exe
12:40:47.0714 5992  vds - ok
12:40:47.0733 5992  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:40:47.0764 5992  vga - ok
12:40:47.0781 5992  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:40:47.0805 5992  VgaSave - ok
12:40:47.0827 5992  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:40:47.0839 5992  vhdmp - ok
12:40:47.0871 5992  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:40:47.0881 5992  viaagp - ok
12:40:47.0893 5992  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:40:47.0922 5992  ViaC7 - ok
12:40:47.0937 5992  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
12:40:47.0947 5992  viaide - ok
12:40:47.0984 5992  [ E2D93ECD5A0F3BFBA99D023074C73F6A ] vm3dmp          C:\Windows\system32\DRIVERS\vm3dmp.sys
12:40:47.0992 5992  vm3dmp - ok
12:40:47.0998 5992  VMAUDIO - ok
12:40:48.0018 5992  [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:40:48.0031 5992  vmbus - ok
12:40:48.0042 5992  [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:40:48.0053 5992  VMBusHID - ok
12:40:48.0058 5992  vmci - ok
12:40:48.0091 5992  [ E41FEF9E3056FE88C71E411F705BE41E ] vmm             C:\Windows\system32\Drivers\vmm.sys
12:40:48.0102 5992  vmm - ok
12:40:48.0124 5992  [ 17CD671136032E3A202B4A9C6C4C9DBA ] vmmouse         C:\Windows\system32\DRIVERS\vmmouse.sys
12:40:48.0130 5992  vmmouse - ok
12:40:48.0150 5992  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:40:48.0160 5992  volmgr - ok
12:40:48.0173 5992  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:40:48.0187 5992  volmgrx - ok
12:40:48.0205 5992  [ 70F41D1EBDD9EE6ED2FD0FC05AA1FC13 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:40:48.0218 5992  volsnap - ok
12:40:48.0271 5992  [ 33E74DF34753FCAAB06F6F2BDC8CABF5 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
12:40:48.0346 5992  vpcbus - ok
12:40:48.0379 5992  [ 5F04362CEB5FB5901037E9D9EADD3760 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:40:48.0404 5992  vpcnfltr - ok
12:40:48.0439 5992  [ 625088D6EE9EDE977FD03CF18D1CD5C5 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
12:40:48.0452 5992  vpcusb - ok
12:40:48.0462 5992  [ 5ED378D91E32134F3C0B3810860FFD71 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
12:40:48.0477 5992  vpcvmm - ok
12:40:48.0499 5992  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:40:48.0510 5992  vsmraid - ok
12:40:48.0553 5992  [ F1BF254DC9EDA07E3A83BD111E39A350 ] VSS             C:\Windows\system32\vssvc.exe
12:40:48.0632 5992  VSS - ok
12:40:48.0646 5992  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:40:48.0673 5992  vwifibus - ok
12:40:48.0710 5992  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
12:40:48.0767 5992  W32Time - ok
12:40:48.0788 5992  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:40:48.0800 5992  WacomPen - ok
12:40:48.0822 5992  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:40:48.0847 5992  WANARP - ok
12:40:48.0851 5992  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:40:48.0875 5992  Wanarpv6 - ok
12:40:48.0943 5992  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:40:48.0988 5992  WatAdminSvc - ok
12:40:49.0025 5992  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
12:40:49.0119 5992  wbengine - ok
12:40:49.0141 5992  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:40:49.0161 5992  WbioSrvc - ok
12:40:49.0179 5992  [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:40:49.0227 5992  wcncsvc - ok
12:40:49.0249 5992  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:40:49.0297 5992  WcsPlugInService - ok
12:40:49.0301 5992  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
12:40:49.0311 5992  Wd - ok
12:40:49.0324 5992  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:40:49.0341 5992  Wdf01000 - ok
12:40:49.0352 5992  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:40:49.0417 5992  WdiServiceHost - ok
12:40:49.0439 5992  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:40:49.0457 5992  WdiSystemHost - ok
12:40:49.0478 5992  [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient       C:\Windows\System32\webclnt.dll
12:40:49.0532 5992  WebClient - ok
12:40:49.0544 5992  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:40:49.0574 5992  Wecsvc - ok
12:40:49.0588 5992  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:40:49.0617 5992  wercplsupport - ok
12:40:49.0640 5992  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:40:49.0668 5992  WerSvc - ok
12:40:49.0678 5992  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:40:49.0701 5992  WfpLwf - ok
12:40:49.0706 5992  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:40:49.0716 5992  WIMMount - ok
12:40:49.0795 5992  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:40:49.0845 5992  WinDefend - ok
12:40:49.0899 5992  [ 9AE9E94531E5EF4BDDB8FEBCE3C244B7 ] WinDriver6      C:\Windows\system32\drivers\windrvr6.sys
12:40:49.0945 5992  WinDriver6 - ok
12:40:49.0949 5992  WinHttpAutoProxySvc - ok
12:40:50.0018 5992  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:40:50.0044 5992  Winmgmt - ok
12:40:50.0094 5992  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:40:50.0184 5992  WinRM - ok
12:40:50.0228 5992  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:40:50.0281 5992  Wlansvc - ok
12:40:50.0300 5992  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:40:50.0327 5992  WmiAcpi - ok
12:40:50.0358 5992  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:40:50.0453 5992  wmiApSrv - ok
12:40:50.0487 5992  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:40:50.0529 5992  WPCSvc - ok
12:40:50.0544 5992  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:40:50.0602 5992  WPDBusEnum - ok
12:40:50.0609 5992  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:40:50.0633 5992  ws2ifsl - ok
12:40:50.0656 5992  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
12:40:50.0690 5992  wscsvc - ok
12:40:50.0694 5992  WSearch - ok
12:40:50.0745 5992  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:40:50.0809 5992  wuauserv - ok
12:40:50.0836 5992  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:40:50.0874 5992  WudfPf - ok
12:40:50.0890 5992  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:40:50.0935 5992  WUDFRd - ok
12:40:50.0961 5992  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:40:51.0002 5992  wudfsvc - ok
12:40:51.0025 5992  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:40:51.0069 5992  WwanSvc - ok
12:40:51.0099 5992  XDva380 - ok
12:40:51.0117 5992  ================ Scan global ===============================
12:40:51.0156 5992  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
12:40:51.0186 5992  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
12:40:51.0203 5992  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
12:40:51.0219 5992  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:40:51.0255 5992  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:40:51.0271 5992  [Global] - ok
12:40:51.0271 5992  ================ Scan MBR ==================================
12:40:51.0282 5992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:40:51.0622 5992  \Device\Harddisk1\DR1 - ok
12:40:51.0657 5992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:40:51.0751 5992  \Device\Harddisk0\DR0 - ok
12:40:51.0751 5992  ================ Scan VBR ==================================
12:40:51.0755 5992  [ 624ACAE55B5544EF43749DA25A00F133 ] \Device\Harddisk1\DR1\Partition1
12:40:51.0756 5992  \Device\Harddisk1\DR1\Partition1 - ok
12:40:51.0783 5992  [ D4106565A29F57682750CAD50BD2010F ] \Device\Harddisk1\DR1\Partition2
12:40:51.0784 5992  \Device\Harddisk1\DR1\Partition2 - ok
12:40:51.0815 5992  [ 64E31DC7767CA6010520FA952C46320C ] \Device\Harddisk0\DR0\Partition1
12:40:51.0817 5992  \Device\Harddisk0\DR0\Partition1 - ok
12:40:51.0818 5992  ============================================================
12:40:51.0818 5992  Scan finished
12:40:51.0818 5992  ============================================================
12:40:51.0831 3908  Detected object count: 20
12:40:51.0831 3908  Actual detected object count: 20
12:41:24.0905 3908  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:41:24.0905 3908  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
12:41:24.0907 3908  AmUStor ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0907 3908  AmUStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0909 3908  BEService ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0909 3908  BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0911 3908  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0911 3908  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0913 3908  DS1410D ( ForgedFile.Multi.Generic ) - skipped by user
12:41:24.0913 3908  DS1410D ( ForgedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0914 3908  FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0914 3908  FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0915 3908  Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0916 3908  Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0917 3908  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0917 3908  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0919 3908  mapledxp ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0919 3908  mapledxp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0920 3908  maya70docserver ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0920 3908  maya70docserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0921 3908  mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0922 3908  mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0924 3908  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0924 3908  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0926 3908  NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0926 3908  NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0928 3908  NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0928 3908  NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0929 3908  Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0929 3908  Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0931 3908  Sntnlusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0931 3908  Sntnlusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0932 3908  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0932 3908  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0934 3908  tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0934 3908  tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0935 3908  TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0935 3908  TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:24.0937 3908  utqymjgy ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0937 3908  utqymjgy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:41:27.0396 2932  Deinitialize success


Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.10.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: HEAVENH-B8RJ5SH [administrator]

4/10/2013 1:24:38 PM
mbam-log-2013-04-10 (13-24-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 284702
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\AirRivals_HackShield_[1.0.0.39].exe (Trojan.Qhosts) -> Quarantined and deleted successfully.
C:\Windows\Installer\13128b.msi (Spyware.Agent) -> Quarantined and deleted successfully.

(end)


adwCleaner log:

# AdwCleaner v2.200 - Logfile created 04/10/2013 at 14:00:48
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : Administrator - HEAVENH-B8RJ5SH
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Viewpoint
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{845558FF-6824-469D-8600-574E58725EA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\Software\Classes\Installer\Features\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\Software\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40EEDDB0-D152-403E-ABB4-221FB2C63A6E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8967E956-BB68-46ED-B4F0-3C2DB4EF4BC7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8047150-2F5D-4675-84D8-EA0BC59FD399}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{845558FF-6824-469D-8600-574E58725EA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Vuze_Remote

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\prefs.js

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\user.js ... Deleted !

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5806 octets] - [10/04/2013 14:00:48]

########## EOF - C:\AdwCleaner[S1].txt - [5866 octets] ##########


VEW System log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2013 3:59:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 10/04/2013 6:58:08 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:08 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:08 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 10/04/2013 6:57:55 PM
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

Log: 'System' Date/Time: 10/04/2013 6:47:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

Log: 'System' Date/Time: 10/04/2013 6:47:43 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired.  To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 10/04/2013 6:45:42 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  sptd

Log: 'System' Date/Time: 10/04/2013 6:44:31 PM
Type: Error Category: 0
Event: 3 Source: Haspnt
The event description cannot be found.

Log: 'System' Date/Time: 10/04/2013 6:44:28 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The DS1410D service failed to start due to the following error:  DS1410D is not a valid Win32 application.

Log: 'System' Date/Time: 10/04/2013 6:44:27 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 10/04/2013 6:43:32 PM
Type: Error Category: 0
Event: 4 Source: sptd
Driver detected an internal error in its data structures for .

Log: 'System' Date/Time: 10/04/2013 6:42:48 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:42:48 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:42:48 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2013 6:43:42 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 10/04/2013 6:43:42 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Log: 'System' Date/Time: 10/04/2013 6:27:26 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 10/04/2013 6:27:26 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.


VEW Application log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2013 4:02:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2013 6:57:47 PM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

Log: 'Application' Date/Time: 10/04/2013 6:36:38 PM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2013 6:57:47 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 10/04/2013 6:36:38 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.


New OTL log:

OTL logfile created on: 2013/04/12 3:15:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
3.25 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 45.34% Memory free
7.48 Gb Paging File | 4.93 Gb Available in Paging File | 65.89% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 22.94 Gb Free Space | 28.67% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 15.67 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 435.39 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
 
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/03/29 16:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 18:16:37 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012/12/14 16:42:22 | 000,316,360 | ---- | M] (Azureus Software, Inc) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0510Mon.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/03/29 16:53:56 | 001,114,024 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/26 21:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/25 19:23:34 | 000,651,776 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll
MOD - [2012/12/18 18:16:37 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/14 16:42:22 | 000,053,160 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2012/12/11 14:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 14:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 14:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd
MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll
MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd
MOD - [2012/02/13 12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd
MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd
MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd
MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd
MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd
MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd
MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll
MOD - [2011/12/25 16:54:57 | 000,028,160 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- D:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2013/03/26 02:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/25 16:56:45 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/06 14:21:39 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\utqymjgy.sys -- (utqymjgy)
DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/19 07:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vid.sys -- (V0510Dev)
DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma)
DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/16 21:44:16 | 000,000,000 | ---D | M]
 
[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2013/04/09 18:55:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]FileZilla Server Interface[/b] - hkey= - key= - G:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
MsConfig - StartUpReg: [b]Pando Media Booster[/b] - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: [b]SandboxieControl[/b] - hkey= - key= - D:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {206FE56F-802F-E477-7BE6-43EDD6665692} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2B4897AB-F88A-B6FF-6A21-29F463CDB965} - DirectX
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {63E633DE-F62D-EDE0-82BA-77E6979ABFB8} - .NET Framework
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {82D7B414-5DA9-00AF-40A5-0A0B3BDEA283} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2448CC6-7788-E36B-B8E7-8D3A7246DEB5} - Microsoft Windows Media Player 12.0
ActiveX: {C542E6FD-678C-243C-E30C-2FC49800426C} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAC9C37A-3DF6-765A-42B5-D377D78EEE15} - DirectX
ActiveX: {CAFBC0BB-A929-4667-53B0-86C67415B79D} - Themes Setup
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {D3E7CF57-3115-AD58-2FD2-8A345A527DE4} - Microsoft Windows Media Player 12.0
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{0472f9bf-d68f-45e7-b372-621a4d5b1258} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
 
Drivers32: midi8 - C:\Windows\System32\mapledxp.dll (Jeff Hurchalla and Marble Sound)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Windows\System32\atrac3.acm ()
Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - D:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Windows\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/04/10 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 13:23:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/09 18:55:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/09 18:55:17 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2013/04/09 15:53:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 15:53:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 15:53:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 15:53:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/09 15:53:24 | 000,000,000 | ---D | C] -- \ComboFix
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- \Qoobox
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- \_OTL
[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/04/12 15:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/12 12:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 15:46:18 | 003,773,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 15:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 13:23:41 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 19:29:07 | 000,730,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/09 19:29:07 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/04/09 19:29:07 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/04/09 19:29:07 | 000,151,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/09 19:21:23 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 19:21:23 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 18:55:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/04/10 13:23:41 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 15:53:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 15:53:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 15:53:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 15:53:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 15:53:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- C:\procmon.chm
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/06/14 14:26:12 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2011/06/02 19:26:39 | 000,714,526 | ---- | C] () -- C:\Windows\unins001.exe
[2011/06/02 19:26:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/02 19:26:39 | 000,001,799 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/20 00:07:56 | 000,274,706 | ---- | C] () -- \gohei.jpg
[2011/05/18 21:51:29 | 000,602,112 | ---- | C] () -- \OTL.exe
[2011/05/02 21:38:04 | 000,525,419 | ---- | C] () -- \remii.png
[2011/05/02 16:26:22 | 003,289,689 | ---- | C] () -- \goheilol.png
[2011/04/29 23:52:57 | 001,614,444 | ---- | C] () -- \flashlight.png
[2011/04/28 20:20:15 | 000,739,966 | ---- | C] () -- \gohei.png
[2011/04/23 19:07:52 | 007,618,784 | ---- | C] () -- \gohei.FBX
[2011/04/08 21:36:15 | 001,057,198 | ---- | C] () -- \lawl2.png
[2011/04/07 19:03:18 | 001,942,616 | ---- | C] () -- \lawl.png
[2011/04/01 16:41:42 | 000,407,023 | ---- | C] () -- \Amnesia.png
[2011/03/11 20:46:20 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\server.properties
[2011/03/07 08:15:58 | 000,038,578 | ---- | C] () -- \Threshold1.png
[2011/02/27 17:43:42 | 000,086,827 | ---- | C] () -- \Threshold.png
[2011/01/16 22:21:30 | 000,264,748 | ---- | C] () -- \lot.png
[2011/01/10 10:12:32 | 000,231,555 | ---- | C] () -- \ctca.png
[2011/01/09 17:10:47 | 000,369,097 | ---- | C] () -- \ctcc.png
[2011/01/09 17:09:15 | 000,316,054 | ---- | C] () -- \ctcmenu.png
[2011/01/09 00:21:36 | 000,601,401 | ---- | C] () -- \CtC.png
[2010/12/24 16:41:35 | 000,698,352 | ---- | C] () -- \FL Studio Error.png
[2010/12/10 23:10:23 | 000,000,622 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/25 23:46:44 | 000,000,038 | ---- | C] () -- C:\Users\Administrator\wxLuaIDE.ini
[2010/06/06 22:47:19 | 000,777,747 | ---- | C] () -- \LOL.jpg
[2010/06/06 01:07:12 | 031,056,033 | ---- | C] () -- \unpacked_ehsvc_18.05.idb
[2010/06/03 16:54:06 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\photorec.cfg
[2010/06/01 14:59:38 | 000,004,243 | ---- | C] () -- \lala.3ds
[2010/05/20 01:24:00 | 006,430,386 | ---- | C] () -- \AirRivals.atm
[2010/05/18 23:41:11 | 000,149,142 | ---- | C] () -- C:\Users\Administrator\unstoppable.gif
[2010/05/08 11:13:37 | 000,000,232 | ---- | C] () -- C:\Users\Administrator\SciTE.session
[2010/05/08 01:27:39 | 000,072,268 | ---- | C] () -- \procexp.chm
[2010/05/08 00:32:25 | 003,879,288 | ---- | C] () -- \procexp.exe
[2010/05/07 23:10:17 | 000,046,017 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies1.pdf
[2010/05/07 23:09:46 | 000,054,707 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies.pdf
[2010/05/07 23:08:40 | 000,000,111 | ---- | C] () -- C:\Users\Administrator\tracegf4d.cmd
[2010/05/07 23:08:27 | 000,014,162 | ---- | C] () -- C:\Users\Administrator\mouseclicks.gif
[2010/05/07 22:58:39 | 040,009,077 | ---- | C] () -- C:\Users\Administrator\e10howto.mov
[2010/05/07 22:58:30 | 000,041,360 | ---- | C] () -- C:\Users\Administrator\Bosses.pdf
[2010/05/07 22:58:08 | 000,012,782 | ---- | C] () -- C:\Users\Administrator\AR enchanting.pdf
[2010/05/07 19:03:28 | 000,560,034 | ---- | C] () -- \meohgawd.jpg
[2010/04/28 01:27:00 | 000,263,768 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3.sfk
[2010/04/28 01:26:38 | 003,061,583 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3
[2010/04/28 01:16:28 | 000,706,652 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.wav
[2010/04/28 01:11:56 | 000,013,848 | ---- | C] () -- \Vlan.sfk
[2010/04/28 01:08:51 | 001,764,044 | ---- | C] () -- \Vlan.wav
[2010/04/28 01:07:12 | 000,008,128 | ---- | C] () -- \Vlanlol.mp3.sfk
[2010/04/28 01:06:41 | 000,093,648 | ---- | C] () -- \Vlanlol.mp3
[2010/04/28 00:43:31 | 000,131,683 | ---- | C] () -- \Vlan.mp3
[2010/04/28 00:16:01 | 006,502,641 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.mp3
[2010/04/19 23:31:57 | 000,029,696 | ---- | C] () -- \SpaceCowboy.exe
[2010/04/12 20:31:13 | 003,360,841 | ---- | C] () -- \Akon ft. Eminem- Smack That Instrumental.mp3
[2010/04/08 01:54:04 | 000,413,439 | RHS- | C] () -- \TLZYV
[2010/03/10 12:07:14 | 004,981,269 | ---- | C] () -- \Tsukasa - K Lobelia.mp3
[2010/03/04 15:51:11 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 10:36:48 | 000,181,408 | ---- | C] () -- \grldr.bak
[2010/02/24 19:59:04 | 000,171,136 | RHS- | C] () -- \w7ldr
[2010/02/06 15:15:25 | 001,863,094 | ---- | C] () -- \vidtomp3.com-12654804966508.mp3
[2010/01/31 19:44:06 | 000,003,532 | ---- | C] () -- \drmHeader.bin
[2010/01/25 23:28:12 | 002,356,278 | ---- | C] () -- \Dune_Desktop_Wallpaper_Emma_Alvarez.bmp
[2010/01/25 23:28:12 | 001,006,660 | ---- | C] () -- \Jumping Onto White Base.mp3
[2010/01/25 23:28:12 | 000,001,096 | -H-- | C] () -- \IPH.PH
[2010/01/25 23:28:00 | 000,000,000 | R--- | C] () -- \logwmemory.bin
[2010/01/25 23:27:59 | 009,881,451 | ---- | C] () -- \Lostep - Burma.mp3
[2010/01/25 23:27:59 | 005,897,430 | ---- | C] () -- \musicc.mp3
[2010/01/25 23:27:58 | 006,926,535 | ---- | C] () -- \Oliver Smith - Nimbus.mp3
[2010/01/25 23:27:58 | 000,136,272 | ---- | C] () -- \N604217500_1213762_5186.jpg
[2010/01/25 23:27:58 | 000,059,302 | ---- | C] () -- \northern-lights-back.jpg
[2010/01/25 23:27:56 | 000,011,772 | ---- | C] () -- \rawrme.JPG
[2010/01/25 23:27:52 | 014,979,377 | ---- | C] () -- \Yes_-_Awaken.mp3
[2010/01/25 23:27:52 | 008,259,216 | ---- | C] () -- \Wings_of_tomorow.exe
[2010/01/25 23:27:52 | 002,518,622 | ---- | C] () -- \The Tale You Were In (Full Version).mp3
[2010/01/25 23:27:52 | 002,178,968 | ---- | C] () -- \vidtomp3.com-12641138434152.mp3
[2010/01/25 23:27:52 | 000,325,072 | ---- | C] () -- \Untitled5.jpg
[2010/01/25 23:27:52 | 000,182,379 | ---- | C] () -- \Untitled.jpg
[2010/01/25 23:27:52 | 000,105,343 | ---- | C] () -- \Transcript.jpg
[2010/01/25 23:27:52 | 000,095,479 | ---- | C] () -- \SSD531352.jpg
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata04.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata03.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata02.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata01.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2010/01/25 23:27:49 | 006,089,919 | ---- | C] () -- \Calm_Waters__Dire_Dire_Docks_remix_.mp3
[2010/01/25 23:27:49 | 004,943,319 | ---- | C] () -- \BT - Remember (Phrakture's Unofficial Remix).mp3
[2010/01/25 17:20:12 | 000,000,020 | RHS- | C] () -- \win7.ld
[2010/01/25 15:21:33 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/09/26 15:05:15 | 000,383,582 | RHS- | C] () -- \bootmgr.bak
[2008/09/26 15:05:15 | 000,383,562 | RHS- | C] () -- \bootmgr
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Drive Information ==========[/color]
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-55A7B0 ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST2000DL003-9VT166 ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 80.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 386.00GB
Starting Offset: 85900394496
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/04/15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2012/07/11 17:45:04 | 002,474,608 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2010/04/19 16:56:14 | 000,029,696 | ---- | M] (Microsoft) -- C:\SpaceCowboy.exe
[2002/01/02 15:51:58 | 008,259,216 | ---- | M] () -- C:\Wings_of_tomorow.exe
 
[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/04/15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2012/07/11 17:45:04 | 002,474,608 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2010/04/19 16:56:14 | 000,029,696 | ---- | M] (Microsoft) -- C:\SpaceCowboy.exe
[2002/01/02 15:51:58 | 008,259,216 | ---- | M] () -- C:\Wings_of_tomorow.exe
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2013/03/30 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2010/01/25 17:04:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore
[2010/06/22 11:41:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/03/27 12:55:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/03/16 00:21:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AMozilla
[2012/04/06 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnnkakeSpa
[2010/01/25 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\App Launcher Gadget
[2012/08/23 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ARA
[2010/01/25 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2011/04/20 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2013/04/12 15:27:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2012/07/19 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Creative
[2010/03/20 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CUBETYPE
[2010/03/20 01:00:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\D.N.A. Softwares
[2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2011/09/30 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dev-Cpp
[2011/01/02 21:13:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX
[2011/08/09 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMDirc
[2010/04/24 07:30:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2012/04/27 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dynamic Effects
[2010/01/25 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2011/01/13 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESTsoft
[2012/05/07 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2011/01/06 16:09:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashFXP
[2010/01/31 10:19:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software
[2010/03/19 17:56:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Fujitsu
[2011/10/25 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gensokyo.org
[2012/12/19 17:53:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2012/10/18 16:06:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hamachi
[2010/05/20 00:10:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Help
[2010/05/11 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hex-Rays
[2010/11/02 06:34:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Homoym
[2012/05/24 21:26:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\hte
[2012/12/25 00:34:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\I2P
[2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/08/31 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IDMComp
[2010/05/06 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2010/01/25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2011/07/01 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2010/01/25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/09/01 14:50:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mael
[2010/01/25 17:04:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/08/19 21:09:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MayaWebBrowser
[2009/07/14 04:48:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2010/01/25 17:04:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2010/12/26 17:43:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MessengerDiscovery 2
[2012/06/05 21:24:20 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2010/05/08 10:36:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Corporation
[2011/06/23 20:29:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Games
[2010/05/03 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MilkShape 3D 1.x.x
[2010/12/24 02:51:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC
[2011/01/06 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Move Networks
[2011/01/07 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/01/24 20:28:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mumble
[2010/03/20 01:07:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\net.mesopota.tohoShowtime.A5B365107A30E46004755A9A0862E792DF4441ED.1
[2012/05/06 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NVIDIA
[2010/01/25 17:04:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/05/20 01:09:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PE Explorer
[2009/07/31 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2010/01/25 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers
[2010/04/17 14:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real
[2011/01/07 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScummVM
[2011/08/14 21:51:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ShanghaiAlice
[2012/06/26 21:28:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\six-updater
[2012/06/26 21:26:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\six-zsync
[2013/04/10 20:03:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2010/01/25 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skypePM
[2011/01/04 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2010/01/25 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony Creative Software
[2010/04/06 13:45:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spiral Graphics
[2010/07/22 03:15:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sun
[2011/06/24 11:12:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2010/01/25 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2
[2010/04/07 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Texture Maker
[2013/04/10 15:57:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TortoiseHg
[2011/08/09 03:34:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trillian
[2012/06/25 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tunngle
[2010/03/23 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\U3
[2012/09/06 01:18:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2010/03/17 23:45:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2013/04/12 05:23:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2011/06/07 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Winamp
[2010/01/28 15:16:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2010/12/08 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wuala
[2013/04/10 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xfire
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\maxdrive\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f5054b97743c05b3\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_ddc35c9e9bda913a\atapi.sys
 
[color=#A23BEC]< MD5 for: CSRSS.EXE  >[/color]
[2009/07/13 22:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 22:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/11/02 15:19:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/09/23 09:34:51 | 002,579,456 | ---- | M] (Microsoft Corporation) MD5=0C81EA51AEB0E47BBC749257EAC179C4 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/11/02 15:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/11/02 15:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 03:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
[color=#A23BEC]< MD5 for: MSWSOCK.DLL  >[/color]
[2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\ERDNT\cache\mswsock.dll
[2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
 
[color=#A23BEC]< MD5 for: NAPINSP.DLL  >[/color]
[2009/07/13 22:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 22:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
 
[color=#A23BEC]< MD5 for: NLAAPI.DLL  >[/color]
[2009/07/13 22:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll
[2009/07/13 22:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
 
[color=#A23BEC]< MD5 for: PNRPNSP.DLL  >[/color]
[2009/07/13 22:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 22:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll
 
[color=#A23BEC]< MD5 for: PRINTISOLATIONHOST.EXE  >[/color]
[2009/07/13 22:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 22:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
[color=#A23BEC]< MD5 for: USER32.DLL  >[/color]
[2009/07/13 22:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=AE2B4D47934D3798C984D51B1694A490 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll
[2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=C7B21BEF09EC7249556BEE19F9D314CB -- C:\Windows\ERDNT\cache\user32.dll
[2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=C7B21BEF09EC7249556BEE19F9D314CB -- C:\Windows\System32\user32.dll
[2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=C7B21BEF09EC7249556BEE19F9D314CB -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 02:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 22:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/11/02 15:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2009/11/02 15:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINRNR.DLL  >[/color]
[2009/07/13 22:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 22:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
 
[color=#A23BEC]< MD5 for: WSHELPER.DLL  >[/color]
[2009/07/13 22:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 22:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll
 
[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %ProgramFiles%\WINDOWS NT\*.* /s >[/color]
[2009/07/13 22:14:49 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 22:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 23:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:48:26 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\ja-JP\wordpad.exe.mui
[2009/07/13 22:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 18:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 18:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 18:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 18:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 18:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 18:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 18:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 23:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
[2009/07/13 20:29:38 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\ja-JP\TableTextService.dll.mui
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/02/28 17:57:15 | 000,015,658 | ---- | M] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd
[2011/02/28 17:57:15 | 000,015,658 | ---- | C] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd
[2010/10/30 19:36:33 | 000,221,216 | ---- | M] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(\?????.mp3.sfk) -- \東方幻奏箱.mp3.sfk
[2010/10/30 15:13:59 | 002,567,549 | ---- | M] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(\?????.mp3) -- \東方幻奏箱.mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | M] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(\EastNewSound ??????(x?y).mp3) -- \EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:09:19 | 004,729,658 | ---- | M] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3

< End of report >


Extras log:

OTL Extras logfile created on: 2013/04/12 3:15:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd
 
3.25 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 45.34% Memory free
7.48 Gb Paging File | 4.93 Gb Available in Paging File | 65.89% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 22.94 Gb Free Space | 28.67% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 15.67 Gb Free Space | 4.06% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 435.39 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
 
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (All) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- G:\Program Files\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Uninstall] -- D:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2C1488BA-B7C0-4656-9B6F-6421A8354CD9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{5F1E49F4-182F-482B-8507-372A87C0FEEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A664B6EB-2CB6-4989-8D86-185CFAF053AC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{113AECB0-59CA-44F4-AEF5-F93E62104E4B}C:\Program Files\Winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{6A8B055C-72DD-4004-A419-B527306AF05A}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{6CB5F7FA-3DAD-4317-ADE6-A4F34838B836}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{B23CD6B7-4654-4214-B51A-D5F93549B63D}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{BCB47CFC-52A8-49A7-8FFF-48E0CDC221D7}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{023A0091-4ACD-4B7D-9414-397CAEEC25E3}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"UDP Query User{0743E1D5-EE13-46C4-9B56-3DEEF60C1D54}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{BDF87C6D-F400-499D-809D-5ABF05B51F99}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"UDP Query User{CF2FA962-7979-43FC-9C8E-14D0B7403AD2}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{D86A70DE-AAB3-4C44-B866-54C7154BEC1E}C:\Program Files\Winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B1529B-C423-42AA-B981-4ECA247E9FC0}" = DayZ Commander
"{06056D9E-849E-4274-A5DE-6589C019F486}" = USBProg
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C439E7E-DE2B-4AC0-8BEB-DAD70FAE2918}" = AvrTools
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{191C9AC7-B78C-4CF4-A6C4-54A27E0AD798}" = S4 League_EU
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1CB72E04-D2F0-4A4B-AF92-711BF8AADDA3}" = Unreal Script IDE (UDKDevKit) VS 2010 Isolated Shell
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2087381D-01B1-4111-9078-EF68A5AEB0AB}" = PHP 5.3.2
"{211BB680-1ADD-4762-AF5D-B76DEAB3397B}" = COSMIC CORTEX-M C Compiler 64K
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238CE6BA-42DA-473A-9A72-15CE23F4584A}" = Visual3D Game Engine
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2775C25A-DF39-44AA-8E59-E0447DC164C2}" = Call of Duty - World at War
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{32A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3EB010F9-BF17-42F1-BFCC-528F3586E42D}_is1" = 東方紅舞闘
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{400E4B6F-1BB3-464D-AE91-54D888B7DDC4}" = TortoiseHg 2.4.2 (x86)
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{423B39E8-0A8E-4522-BB0A-FCCF86479977}_is1" = VVVVVV (Window v1.0)
"{42B34B8E-3CE3-4D5F-B52B-F9E8A9FBCB65}" = Perforce Visual Components
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B7IL77L-LKS1-75B1-SKYRIM-18CD6E6334R1}_is1" = The Elder Scrolls V - Skyrim version 1.0
"{4C2DEE4E-D144-555D-66B6-546DF5280756}" = 東方咲待夢
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58206080-3E1F-4418-8117-D190FC71BF58}" = RealStrat 1.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{61CC5CBA-F483-4489-BD66-12FAAC5D35AB}" = Unreal X-Editor
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{6555AFAC-CE27-4539-A377-95E63040C3C3}" = 雪山乱闘チルノクライマーズ
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{702EC1FF-A081-48AE-8363-8D78A0919F86}" = Autodesk DirectConnect 2010 R1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8A864555-554E-4DE2-BB36-BC4810355525}" = Autodesk MatchMover 2011 32-bit
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EFF2EC4-F6F0-4A9B-91A5-92E2EEE93F35}" = g–‚é“`à ”êF‚ÌŒð‹¿‹È
"{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{975E691C-D9EF-4CFB-A9C7-AB44F4201B0C}_is1" = Warblade 1.33
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9820281B-A9AC-4B17-9CF5-97A4B35714CC}" = Genetica 3.5
"{99B41A19-7FD5-4B0C-A2AB-1A065669F8A3}" = Maya 7.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A25947EB-D9C2-4D6E-8051-810C913211B5}_is1" = ApiViewer 2004
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6CB6078-18CF-401D-8D3D-4EA0C971EE0B}_is1" = 東方鎖宝録 1.00
"{A74F33CB-8C7D-404F-93F5-A63317379BD2}" = Windows 7 Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A84EF2EA-FA7E-495C-9581-933496C9B9E9}}_is1" = ACE Online EP3-5 3.7.2.2 Full
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A933C7DE-E96A-4A27-BE68-57297196E274}" = MGTEK MiniIDE 1.19
"{AC075837-7071-4c07-B9A1-CF5586060FE1}" = Autodesk Maya 2011 English Documentation 32-bit
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
"{BEF22C6C-C603-44D1-AE86-F300A40249A6}_is1" = ダイナマリサ3D Ver1.02アップデート
"{BF1BDC10-4366-4221-0103-000001000000}" = COLLADAMax (1.3.0)
"{BF1BDC10-4366-4231-0103-000001000000}" = COLLADAMaya (1.3.0)
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C1717CAF-F589-4493-B9CC-7A49218233EF}" = Okino Plug-ins Installer
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1" = ISO to USB
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D86BD140-E0A5-470D-BEE9-42C9D2CC1012}" = PolyTrans
"{D8D06241-617C-42AB-B9C7-D9BA5A377D10}" = NVIDIA Texture Tools 2
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4386119-2C33-4023-9836-783F43A90E3C}" = Autodesk Maya 2011 32-bit
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E85397AD-D60E-4141-82E6-FAA312A09271}" = Digital Camera
"{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = AVR Jungo USB
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F037A396-7FA3-4FB4-ACB8-3C6FE57B02BD}" = Microsoft XNA Framework Redistributable 3.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5122FCA-FCE1-4E8B-9F09-B5500DE10666}" = 四聖龍神録Plus
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.25)
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDD6ED8B-DB77-43BC-B0B2-608A1F27AABC}}_is1" = UnCodeX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"3D Model Viewer 0.3.5.4" = 3D Model Viewer 0.3.5.4
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"AC3Filter_is1" = AC3Filter 1.63b
"Addictive Drums" = Addictive Drums
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"AIM_7" = AIM 7
"AirRivals_EN_is1" = AirRivals_EN 1.0.0.39
"AirRivals_is1" = AirRivals
"Akamai" = Akamai NetSession Interface Service
"ALUpdate_is1" = ALTools Update
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Autodesk FBX Plug-in 2013.1 - Maya 2013" = Autodesk FBX Plug-in 2013.1 - Maya 2013
"AutoHotkey" = AutoHotkey 1.0.91.05
"AutoItv3" = AutoIt v3.3.6.1
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BattlEye for OA" = BattlEye for OA Uninstall
"Belarc Advisor" = Belarc Advisor 8.1
"Blender" = Blender (remove only)
"Bochs 2.4.5" = Bochs 2.4.5 (remove only)
"BOMB MEIRIN_is1" = BOMB MEIRIN
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Crazybump" = Crazybump (remove only)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo" = Diablo
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.2.0
"DMDirc" = DMDirc
"DOOM Collector's Edition" = DOOM Collector's Edition
"EasyBCD" = EasyBCD 2.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EximiousSoft GIF Creator_is1" = EximiousSoft GIF Creator V5.70
"ExtractNow_is1" = ExtractNow
"FDHAGBGDGFENGBHCGJHDGBHC" = SpaceMarisar
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"Fiend" = Fiend
"File And MP3 Tag Renamer_is1" = File And MP3 Tag Renamer 2.2
"FileZilla Server" = FileZilla Server
"FL Studio 9" = FL Studio 9
"Foxit Reader" = Foxit Reader
"gensoC77" = 幻想風淫録~淫行は儚き人間の為に~
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"GLVIEW3" = OpenGL Extensions Viewer 4.0
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"HaaliMkx" = Haali Media Splitter
"Hardcore" = Hardcore
"IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1_is1" = IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1
"IL Download Manager" = IL Download Manager
"Inno Setup 5_is1" = Inno Setup version 5.4.2
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"JFDuke3D" = JFDuke3D 20051009
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LinkChecker_is1" = LinkChecker 7.9
"LogMeIn Hamachi" = LogMeIn Hamachi
"MadTracker 2" = MadTracker 2
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maple Virtual Midi Cable_is1" = Hurchalla Maple VMidi Cable v3.56
"Maristice English" = NSIS Maristice English
"MatlabR2011a" = MATLAB R2011a
"Matroska Pack" = Matroska Pack
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Second Editon Redistributable
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MTI ModelSim PE Student Edition 10.1b Deinstall Key" = ModelSim PE Student Edition 10.1b
"net.mesopota.tohoShowtime.A5B365107A30E46004755A9A0862E792DF4441ED.1" = 東方咲待夢
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OEMInformation" = OEM Logo and Information
"Orcad Family Release 9.2 Lite Edition" = Orcad Family Release 9.2 Lite Edition
"Panda3D 1.6.2" = Panda3D 1.6.2
"PE Explorer_is1" = PE Explorer 1.99
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
"PoiZone" = PoiZone
"Postal 2_is1" = Portal 2
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Rainbow Sentinel Driver" = Sentinel System Driver
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Rocketfish Live! Cam Center" = Rocketfish Live! Cam Center
"Rocketfish VF0510" = Rocketfish 2MP AF Webcam Driver (1.00.06.00)
"Rocketfish Webcam User's Guide" = Rocketfish Webcam User's Guide
"SadMan Software: Search_is1" = SadMan Software: Search V3.7
"Sandboxie" = Sandboxie 3.44
"Sanny Builder 3_is1" = Sanny Builder 3.04
"Sawer" = Sawer
"Serious Samurize" = Serious Samurize
"Soldat patch 1.4.2-1.5.0_is1" = Soldat 1.5.0
"Soldat_is1" = Soldat 1.5.0
"StarCraft II" = StarCraft II
"Steam App 212800" = Super Crate Box
"Steam App 730" = Counter-Strike: Global Offensive
"Stranger's Requiem" = 紅魔城伝説II 妖幻の鎮魂歌
"SystemRequirementsLab" = System Requirements Lab
"The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0" = The Elder Scrolls V Skyrim Update-=AviaRa=- v1.8.151.0
"The Project 2" = The Project 2
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"Tunngle beta_is1" = Tunngle beta
"UDK-bcf57679-2bd6-4d3c-a423-1b8b584fd9f5" = Unreal Development Kit: 2012-10
"Unlocker" = Unlocker 1.9.0
"Unreal X-Editor 2.1" = Unreal X-Editor
"UT2004" = Unreal Tournament 2004
"Valve Hammer Editor" = Valve Hammer Editor
"VentriloMIX" = VentriloMIX
"Vindictus" = Vindictus
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zombie Shooter 2_is1" = Zombie Shooter 2 v 1.0
"Zombie Shooter_is1" = Zombie Shooter v 1.0
"ェF、隍fウUセヤェァEVO" = ェF、隍fウUセヤェァEVO
"お嬢様のドキドキ大作戦" = お嬢様のドキドキ大作戦 ~呪われた紅の館~
"さなえの超特急_is1" = さなえの超特急
"もっと!?不思議の幻想郷_is1" = もっと!?不思議の幻想郷
"るみゃんランド" = るみゃんランド
"不思議の幻想郷_is1" = 不思議の幻想郷 ver 1.00
"宵闇伝説_is1" = 宵闇伝説 ver1.00
"東方スカイアリーナ・幻想郷空戦姫" = 東方スカイアリーナ・幻想郷空戦姫
"東方大運動会" = 東方大運動会
"東方幻想麻雀_is1" = 東方幻想麻雀
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BLP FILES" = BLP FILES
"Diablo" = Diablo
"Hawken" = Hawken
"Seal Hunter" = Seal Hunter
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2013/04/10 2:57:47 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 2013/04/10 7:51:53 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 11e4    Start Time:
 01ce361e2b51bcdf    Termination Time: 130    Application Path: C:\OTL.exe    Report Id: 9ac8ce30-a239-11e2-97fd-0022156f41f6

 
Error - 2013/04/11 12:45:53 AM | Computer Name = HEAVENH-B8RJ5SH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Program Files\Microsoft
 Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe".  Dependent Assembly
 Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 2013/04/11 12:51:45 AM | Computer Name = HEAVENH-B8RJ5SH | Source = System Restore | ID = 8193
Description = 
 
Error - 2013/04/11 12:51:45 AM | Computer Name = HEAVENH-B8RJ5SH | Source = System Restore | ID = 8211
Description = 
 
Error - 2013/04/11 12:53:28 AM | Computer Name = HEAVENH-B8RJ5SH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "D:\Program Files\Autodesk\Composite
 2011\python\lib\distutils\command\wininst-8_d.exe".  Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 2013/04/11 12:53:39 AM | Computer Name = HEAVENH-B8RJ5SH | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Vuze\Azureus64.exe".
Dependent
 Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 2013/04/11 12:53:42 AM | Computer Name = HEAVENH-B8RJ5SH | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 2013/04/11 12:56:24 AM | Computer Name = HEAVENH-B8RJ5SH | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
 file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 on line 2.  Invalid Xml syntax.
 
Error - 2013/04/11 9:22:12 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc6b7  Faulting module name: MSVCR71.dll, version: 7.10.3052.4, time 
stamp: 0x3e561eac  Exception code: 0xc0000005  Fault offset: 0x00010440  Faulting process
 id: 0x147c  Faulting application start time: 0x01ce371c17b70c52  Faulting application
 path: C:\Windows\system32\DllHost.exe  Faulting module path: C:\Windows\system32\MSVCR71.dll
Report
 Id: 665ab443-a30f-11e2-97fd-0022156f41f6
 
[ System Events ]
Error - 2013/04/10 2:58:17 PM | Computer Name = HEAVENH-B8RJ5SH | Source = PNRPSvc | ID = 102
Description = 
 
Error - 2013/04/10 2:58:17 PM | Computer Name = HEAVENH-B8RJ5SH | Source = PNRPSvc | ID = 102
Description = 
 
Error - 2013/04/10 2:58:17 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2013/04/10 2:58:17 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2013/04/10 2:58:17 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 2013/04/10 2:58:17 PM | Computer Name = HEAVENH-B8RJ5SH | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 2013/04/10 5:10:18 PM | Computer Name = HEAVENH-B8RJ5SH | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage failed to grow.
 
Error - 2013/04/10 5:32:50 PM | Computer Name = HEAVENH-B8RJ5SH | Source = DCOM | ID = 10001
Description = 
 
Error - 2013/04/11 12:51:45 AM | Computer Name = HEAVENH-B8RJ5SH | Source = volsnap | ID = 393257
Description = When preparing a new volume shadow copy for volume C:, the shadow 
copy storage on volume C: did not have sufficiently large contiguous blocks.  Consider
 deleting unnecessary files on the shadow copy storage volume or use a different
 shadow copy storage volume.
 
Error - 2013/04/11 5:32:55 PM | Computer Name = HEAVENH-B8RJ5SH | Source = DCOM | ID = 10001
Description = 
 
 
< End of report >

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
OK. Making progress. I think Combofix got most of it. There are a couple of files that looks suspicious that TDSSKiller found. Let's submit each of the following to virustotal.com

C:\Windows\system32\drivers\ds1410d.sys

C:\Windows\system32\Drivers\utqymjgy.sys

If you don't get a 0 of 42 (or so - the last number sometimes changes) Please copy and paste the whole report.
  • 0

#15
biggy c

biggy c

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
ds1410d.sys was clean, but utqymjgy.sys wasn't, here's the report:

Antivirus Result Update
Agnitum - 20130412
AhnLab-V3 - 20130412
AntiVir - 20130413
Antiy-AVL - 20130412
Avast - 20130413
AVG - 20130413
BitDefender - 20130413
ByteHero - 20130322
CAT-QuickHeal - 20130412
ClamAV Trojan.Agent-66914 20130413
Commtouch W32/Bagle.TGIN-4537 20130412
Comodo - 20130413
DrWeb - 20130413
Emsisoft - 20130413
eSafe Win32.Bagle.RC.worm 20130407
ESET-NOD32 - 20130412
F-Prot W32/Bagle.IJ 20130412
F-Secure - 20130413
Fortinet - 20130413
GData - 20130413
Ikarus - 20130412
Jiangmin - 20130412
K7AntiVirus Trojan 20130412
Kaspersky - 20130413
Kingsoft - 20130408
Malwarebytes - 20130413
McAfee - 20130413
McAfee-GW-Edition - 20130412
Microsoft - 20130413
MicroWorld-eScan - 20130413
NANO-Antivirus - 20130412
Norman - 20130412
nProtect - 20130412
Panda - 20130412
PCTools Trojan-Downloader.Bagle 20130412
Rising Trojan.Win32.Generic.1273D2DC 20130412
Sophos - 20130413
SUPERAntiSpyware Trojan.Agent/Gen 20130413
Symantec - 20130413
TheHacker Trojan/Rootkit.gen 20130412
TotalDefense - 20130412
TrendMicro - 20130413
TrendMicro-HouseCall - 20130413
VBA32 - 20130412
VIPRE - 20130413
ViRobot Trojan.Win32.Bagle.7168 20130412


Sorry for the formatting, I didn't see a download button for the report and tabs don't seem to work in the editor.

Edit: I bolded the positive hits.

Edited by biggy c, 12 April 2013 - 06:03 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP