Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google redirect virus - TDSSkiller and FixTDSS didn't work

Started by JimmiesRustled , Sep 19 2012 06:38 PM

Please log in to reply

#1
JimmiesRustled

Posted 19 September 2012 - 06:38 PM

New Member

Member
4 posts

I seem to have a google redirect virus. I've had it for quite a while now, probably a couple months. Sometimes when I click on the link from a google search, the web page it sends me to is something completely different than what it was supposed to be. Several times it has tried to send me to a harmful website, which was then blocked by AVG. I have tried both TDSSkiller and FixTDSS to remove the virus, but both have failed to find it. I've unchecked any proxy settings on Mozilla Firefox and made sure my hosts file just has the normal entry. I'm not sure where to go from here. Oh, I have also done scans with AVG, Malware Bytes, and Spybot S&D, all of which have failed at finding this as well. I'm running 64 bit Windows 7, and mostly use Firefox for browsing, but occasionally use IE and Chrome.

I followed the guide and ran OTL. Here is the log:

OTL logfile created on: 9/19/2012 5:21:27 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Shane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 51.30% Memory free
6.00 Gb Paging File | 4.25 Gb Available in Paging File | 70.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.79 Gb Total Space | 232.43 Gb Free Space | 51.00% Space Free | Partition Type: NTFS
Drive D: | 9.87 Gb Total Space | 1.47 Gb Free Space | 14.90% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/19 17:20:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
PRC - [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/03/15 15:02:19 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/12/16 19:28:20 | 002,955,496 | ---- | M] (AG Entertainment Inc) -- C:\Users\Shane\AppData\Local\Audiogalaxy\Audiogalaxy.exe
PRC - [2011/11/09 21:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 21:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/24 23:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Shane\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/13 09:26:01 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/14 11:19:04 | 000,780,288 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\tag.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/01 13:20:06 | 001,014,286 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\avcodec-52.dll
MOD - [2011/03/01 13:20:06 | 000,208,910 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\avformat-52.dll
MOD - [2011/03/01 13:20:06 | 000,082,958 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\avutil-50.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/18 16:28:42 | 000,558,133 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\sqlite3.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Shane\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/05/30 11:11:42 | 000,059,904 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\zlib1.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/11/03 07:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2009/11/15 11:31:04 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/11/15 11:28:44 | 000,948,224 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/11/15 11:26:26 | 000,690,688 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/05 23:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2012/09/13 09:26:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/03/15 15:02:19 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/17 18:10:12 | 003,313,752 | ---- | M] () [Disabled | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/11/09 21:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/07 12:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/16 18:50:06 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2010/09/16 18:50:00 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/31 11:31:10 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Start_Pending] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/24 23:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 21:51:24 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/11/03 07:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/07 18:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/17 22:40:06 | 000,019,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudnflt.sys -- (ssudnflt)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/16 18:50:24 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/05/24 23:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/24 23:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2009/11/18 17:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009/11/18 17:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009/08/13 04:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/05 23:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2009/03/04 18:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012/04/30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/05/24 23:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/05/24 23:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2AA4E381-EE6F-4C66-AA85-61286D7AB482}
IE:64bit: - HKLM\..\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE:64bit: - HKLM\..\SearchScopes\{2AA4E381-EE6F-4C66-AA85-61286D7AB482}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {2AA4E381-EE6F-4C66-AA85-61286D7AB482}
IE - HKLM\..\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{2AA4E381-EE6F-4C66-AA85-61286D7AB482}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://advancedtx.com/
IE - HKCU\..\SearchScopes,DefaultScope = {2AA4E381-EE6F-4C66-AA85-61286D7AB482}
IE - HKCU\..\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{2AA4E381-EE6F-4C66-AA85-61286D7AB482}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.6.2
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.8
FF - prefs.js..extensions.enabledAddons: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledAddons: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.7
FF - prefs.js..extensions.enabledAddons: {7EE8902C-75BE-4286-A6CE-0C483607A322}:2.0.0
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledAddons: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.6.3
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4
FF - prefs.js..extensions.enabledAddons: {D21D77F3-C7A9-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/09 10:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 09:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/14 00:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/13 09:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/13 09:25:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D21D77F3-C7A9-11E1-8270-B8AC6F996F26}: C:\Users\Shane\AppData\Local\{D21D77F3-C7A9-11E1-8270-B8AC6F996F26}\ [2012/07/06 13:33:28 | 000,000,000 | ---D | M]

[2010/06/10 22:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Extensions
[2012/09/14 13:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions
[2012/01/05 10:03:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/03/22 13:32:00 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/08/02 14:56:04 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2010/06/10 23:09:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/05/21 17:09:02 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2012/07/18 04:36:42 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2011/08/11 09:08:32 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2011/08/04 10:05:10 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2011/07/17 11:14:32 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2011/08/16 18:45:02 | 000,059,893 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}.xpi
[2011/08/16 14:05:34 | 000,010,884 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{7EE8902C-75BE-4286-A6CE-0C483607A322}.xpi
[2012/06/03 17:22:07 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2011/09/06 19:31:28 | 000,004,550 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}.xpi
[2012/08/22 20:13:01 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/05/10 17:43:34 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2012/07/24 16:21:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/23 09:48:06 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/09/14 13:29:17 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/13 09:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/06 13:33:28 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\SHANE\APPDATA\LOCAL\{D21D77F3-C7A9-11E1-8270-B8AC6F996F26}
[2012/09/13 09:26:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/21 17:28:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/28 10:51:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/28 10:51:40 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Shane\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Shane\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: AVG Safe Search = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.7_0\
CHR - Extension: Gmail = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/31 12:19:36 | 000,000,738 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Audiogalaxy] C:\Users\Shane\AppData\Local\Audiogalaxy\Audiogalaxy.exe (AG Entertainment Inc)
O4 - HKCU..\Run: [F.lux] C:\Users\Shane\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{154C2789-C10D-4BF8-A22D-621B67D7108F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99F55DF7-8C43-464C-A8A9-FA3F847467CB}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA7C043E-2A16-44FD-98A2-2499B7AE66D9}: DhcpNameServer = 81.171.108.3 8.8.8.8
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c69e576-6b76-11e0-9d2d-7071bc10f615}\Shell - "" = AutoRun
O33 - MountPoints2\{3c69e576-6b76-11e0-9d2d-7071bc10f615}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 17:20:16 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
[2012/09/14 22:15:57 | 000,000,000 | ---D | C] -- C:\Users\Shane\Desktop\VPNetMon_W7_2012
[2012/09/14 21:51:29 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/09/14 21:51:29 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IPVanish.com
[2012/09/13 09:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/01/11 14:48:23 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_635.exe
[2011/11/10 13:09:19 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_626.exe
[2011/04/12 16:24:58 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_540.exe
[2010/06/17 14:09:16 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_533.exe
[2010/06/16 09:02:39 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_438.exe
[2010/06/14 09:22:11 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_437.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/19 17:24:06 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/19 17:24:06 | 000,663,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/19 17:24:06 | 000,122,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/19 17:20:37 | 095,309,490 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/19 17:20:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
[2012/09/19 17:16:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/19 17:16:51 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 17:00:30 | 000,002,058 | -H-- | M] () -- C:\Users\Shane\Documents\Default.rdp
[2012/09/19 17:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/09/19 17:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/09/19 16:36:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-893593170-1733208149-1977151973-1001UA.job
[2012/09/19 16:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/09/19 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/09/19 15:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/09/19 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/09/19 14:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/09/19 14:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/09/19 13:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/09/19 13:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/09/19 12:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/09/19 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/09/19 11:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/09/19 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/09/19 10:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/09/19 10:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/09/19 09:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/09/19 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/09/19 08:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/09/19 08:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/09/19 07:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/09/19 07:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/09/19 06:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-893593170-1733208149-1977151973-1001Core.job
[2012/09/19 06:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/09/19 06:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/09/19 05:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/09/19 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/09/19 04:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/09/19 04:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/09/19 03:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/09/19 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/09/19 02:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/09/19 02:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/09/19 01:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/09/19 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/09/19 00:11:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/09/19 00:11:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/09/18 23:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/09/18 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/09/18 22:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/09/18 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/09/18 21:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/09/18 21:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/09/18 20:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/09/18 20:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/09/18 19:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/09/18 19:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/09/18 18:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/09/18 18:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/09/18 11:12:25 | 002,905,684 | ---- | M] () -- C:\Users\Shane\Desktop\Rafter - No F_cking Around (Kinetics & One Love Remix).mp3
[2012/09/17 18:16:26 | 000,424,138 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/17 15:17:16 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 15:17:16 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 21:51:29 | 000,000,326 | ---- | M] () -- C:\Users\Shane\Desktop\IPVanish.appref-ms
[2012/09/14 21:51:29 | 000,000,326 | ---- | M] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\IPVanish.appref-ms
[2012/09/14 21:51:24 | 000,031,232 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/09/13 09:31:52 | 000,002,010 | ---- | M] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/04 17:14:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\2U00Fta.dat
[2012/09/04 17:14:25 | 000,000,001 | ---- | M] () -- C:\ProgramData\FS584BdG.exe_.b
[2012/09/04 17:14:25 | 000,000,001 | ---- | M] () -- C:\ProgramData\FS584BdG.exe.b
[2012/08/31 10:00:47 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/18 11:12:19 | 002,905,684 | ---- | C] () -- C:\Users\Shane\Desktop\Rafter - No F_cking Around (Kinetics & One Love Remix).mp3
[2012/09/14 21:51:32 | 000,000,326 | ---- | C] () -- C:\Users\Shane\Desktop\IPVanish.appref-ms
[2012/09/14 21:51:32 | 000,000,326 | ---- | C] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\IPVanish.appref-ms
[2012/09/04 17:14:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\2U00Fta.dat
[2012/09/04 17:14:25 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/09/04 17:14:25 | 000,000,001 | ---- | C] () -- C:\ProgramData\FS584BdG.exe_.b
[2012/09/04 17:14:25 | 000,000,001 | ---- | C] () -- C:\ProgramData\FS584BdG.exe.b
[2012/09/04 17:14:24 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At47.job
[2012/09/04 17:14:24 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At46.job
[2012/09/04 17:14:23 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At45.job
[2012/09/04 17:14:23 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At44.job
[2012/09/04 17:14:22 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At43.job
[2012/09/04 17:14:22 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At42.job
[2012/09/04 17:14:21 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At41.job
[2012/09/04 17:14:21 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At40.job
[2012/09/04 17:14:21 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At39.job
[2012/09/04 17:14:20 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At38.job
[2012/09/04 17:14:20 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At37.job
[2012/09/04 17:14:19 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At36.job
[2012/09/04 17:14:19 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At35.job
[2012/09/04 17:14:18 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At34.job
[2012/09/04 17:14:18 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At33.job
[2012/09/04 17:14:17 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At32.job
[2012/09/04 17:14:17 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At31.job
[2012/09/04 17:14:16 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At30.job
[2012/09/04 17:14:16 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At29.job
[2012/09/04 17:14:15 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At28.job
[2012/09/04 17:14:15 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At27.job
[2012/09/04 17:14:14 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At26.job
[2012/09/04 17:14:14 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/09/04 17:14:13 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At24.job
[2012/09/04 17:14:13 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At23.job
[2012/09/04 17:14:12 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At22.job
[2012/09/04 17:14:12 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At21.job
[2012/09/04 17:14:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At20.job
[2012/09/04 17:14:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At19.job
[2012/09/04 17:14:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At18.job
[2012/09/04 17:14:10 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At17.job
[2012/09/04 17:14:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At16.job
[2012/09/04 17:14:09 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At15.job
[2012/09/04 17:14:08 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At14.job
[2012/09/04 17:14:08 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At13.job
[2012/09/04 17:14:07 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At12.job
[2012/09/04 17:14:07 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At11.job
[2012/09/04 17:14:06 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/09/04 17:14:06 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/09/04 17:14:05 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/09/04 17:14:05 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/09/04 17:14:04 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/09/04 17:14:04 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/09/04 17:14:03 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/09/04 17:14:03 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/09/04 17:14:02 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/09/04 17:14:02 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/06/10 17:49:29 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/28 08:42:09 | 000,003,584 | ---- | C] () -- C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 16:00:02 | 000,000,132 | ---- | C] () -- C:\Users\Shane\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/19 12:29:48 | 000,000,132 | ---- | C] () -- C:\Users\Shane\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/05/19 12:05:21 | 000,000,132 | ---- | C] () -- C:\Users\Shane\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/06/14 16:38:15 | 000,103,272 | ---- | C] () -- C:\Users\Shane\GoToAssistDownloadHelper.exe
[2010/06/12 20:49:33 | 000,000,089 | ---- | C] () -- C:\Users\Shane\userdic.tlx

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/07/27 12:39:00 | 000,000,000 | -H-D | M] -- C:\Users\Shane\AppData\Roaming\070F6750
[2012/03/06 10:46:32 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Amazon
[2012/06/29 21:29:51 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Audacity
[2010/10/20 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\AVG10
[2011/11/14 00:38:57 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\CheckPoint
[2010/08/05 12:02:48 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\DroidExplorer
[2011/12/13 10:06:36 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Gmote
[2011/07/11 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\ICAClient
[2012/03/06 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\InfraRecorder
[2010/06/14 10:36:25 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\NCH Swift Sound
[2012/06/10 17:49:29 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\PACE Anti-Piracy
[2010/06/10 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\PictureMover
[2012/09/17 09:14:45 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\PrimoPDF
[2010/08/04 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Samsung
[2011/05/18 10:49:06 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/19 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\uTorrent
[2012/02/07 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\webex

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1138 bytes -> C:\Program Files\Common Files\System:TPkEl0PKD14jQMSJfAHoyW4B5ehxG
@Alternate Data Stream - 1134 bytes -> C:\ProgramData\Microsoft:sqtB2DVvGe0kgjuzQ956VxT
@Alternate Data Stream - 1097 bytes -> C:\Users\Shane\AppData\Local\Temp:1Fwyy2ZAJJs5FHtrq9wBfRb
@Alternate Data Stream - 1068 bytes -> C:\ProgramData\Microsoft:PxuR5NizZuSsxie7rVrJRzspDfmNi

< End of report >

I appreciate any help given. Thanks.

Edited by JimmiesRustled, 19 September 2012 - 06:41 PM.

#2
RKinner

Posted 19 September 2012 - 11:07 PM

Malware Expert

Expert
24,625 posts

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE:64bit: - HKLM\..\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2012/02/21 17:28:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKCU..\Run: [KiesTrayAgent] File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA7C043E-2A16-44FD-98A2-2499B7AE66D9}: DhcpNameServer = 81.171.108.3 8.8.8.8
[2012/09/04 17:14:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\2U00Fta.dat
[2012/09/04 17:14:25 | 000,000,001 | ---- | M] () -- C:\ProgramData\FS584BdG.exe_.b
[2012/09/04 17:14:25 | 000,000,001 | ---- | M] () -- C:\ProgramData\FS584BdG.exe.b
[2012/07/27 12:39:00 | 000,000,000 | -H-D | M] -- C:\Users\Shane\AppData\Roaming\070F6750
@Alternate Data Stream - 1138 bytes -> C:\Program Files\Common Files\System:TPkEl0PKD14jQMSJfAHoyW4B5ehxG
@Alternate Data Stream - 1134 bytes -> C:\ProgramData\Microsoft:sqtB2DVvGe0kgjuzQ956VxT
@Alternate Data Stream - 1097 bytes -> C:\Users\Shane\AppData\Local\Temp:1Fwyy2ZAJJs5FHtrq9wBfRb
@Alternate Data Stream - 1068 bytes -> C:\ProgramData\Microsoft:PxuR5NizZuSsxie7rVrJRzspDfmNi

:files
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09182012-some number.log.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP. Let me know if it says at the end that it couldn't fix something.)

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do reboot for you then reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron

#3
JimmiesRustled

Posted 21 September 2012 - 12:28 AM

New Member

Topic Starter
Member
4 posts

Ron, thanks for taking the time out to help me. I've run all the things listed in your reply and here are all the logs, each separated by a good amount of spaces:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28347AC4-F13F-4469-B7BC-B7F5ABFD79B0}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DA7C043E-2A16-44FD-98A2-2499B7AE66D9}\\DhcpNameServer| /E : value set successfully!
C:\ProgramData\2U00Fta.dat moved successfully.
C:\ProgramData\FS584BdG.exe_.b moved successfully.
C:\ProgramData\FS584BdG.exe.b moved successfully.
C:\Users\Shane\AppData\Roaming\070F6750 folder moved successfully.
ADS C:\Program Files\Common Files\System:TPkEl0PKD14jQMSJfAHoyW4B5ehxG deleted successfully.
ADS C:\ProgramData\Microsoft:sqtB2DVvGe0kgjuzQ956VxT deleted successfully.
ADS C:\Users\Shane\AppData\Local\Temp:1Fwyy2ZAJJs5FHtrq9wBfRb deleted successfully.
ADS C:\ProgramData\Microsoft:PxuR5NizZuSsxie7rVrJRzspDfmNi deleted successfully.
========== FILES ==========
< at /c >
Status ID Day Time Command Line
-------------------------------------------------------------------------------
1 Each M T W Th F S Su 12:11 AM C:\ProgramData\FS584BdG.exe
10 Each M T W Th F S Su 9:00 AM C:\ProgramData\FS584BdG.exe
11 Each M T W Th F S Su 10:00 AM C:\ProgramData\FS584BdG.exe
12 Each M T W Th F S Su 11:00 AM C:\ProgramData\FS584BdG.exe
13 Each M T W Th F S Su 12:00 PM C:\ProgramData\FS584BdG.exe
14 Each M T W Th F S Su 1:00 PM C:\ProgramData\FS584BdG.exe
15 Each M T W Th F S Su 2:00 PM C:\ProgramData\FS584BdG.exe
16 Each M T W Th F S Su 3:00 PM C:\ProgramData\FS584BdG.exe
17 Each M T W Th F S Su 4:00 PM C:\ProgramData\FS584BdG.exe
18 Each M T W Th F S Su 5:00 PM C:\ProgramData\FS584BdG.exe
19 Each M T W Th F S Su 6:00 PM C:\ProgramData\FS584BdG.exe
2 Each M T W Th F S Su 1:00 AM C:\ProgramData\FS584BdG.exe
20 Each M T W Th F S Su 7:00 PM C:\ProgramData\FS584BdG.exe
21 Each M T W Th F S Su 8:00 PM C:\ProgramData\FS584BdG.exe
22 Each M T W Th F S Su 9:00 PM C:\ProgramData\FS584BdG.exe
23 Each M T W Th F S Su 10:00 PM C:\ProgramData\FS584BdG.exe
24 Each M T W Th F S Su 11:00 PM C:\ProgramData\FS584BdG.exe
25 Each M T W Th F S Su 12:11 AM C:\ProgramData\FS584BdG.exe_
26 Each M T W Th F S Su 1:00 AM C:\ProgramData\FS584BdG.exe_
27 Each M T W Th F S Su 2:00 AM C:\ProgramData\FS584BdG.exe_
28 Each M T W Th F S Su 3:00 AM C:\ProgramData\FS584BdG.exe_
29 Each M T W Th F S Su 4:00 AM C:\ProgramData\FS584BdG.exe_
3 Each M T W Th F S Su 2:00 AM C:\ProgramData\FS584BdG.exe
30 Each M T W Th F S Su 5:00 AM C:\ProgramData\FS584BdG.exe_
31 Each M T W Th F S Su 6:00 AM C:\ProgramData\FS584BdG.exe_
32 Each M T W Th F S Su 7:00 AM C:\ProgramData\FS584BdG.exe_
33 Each M T W Th F S Su 8:00 AM C:\ProgramData\FS584BdG.exe_
34 Each M T W Th F S Su 9:00 AM C:\ProgramData\FS584BdG.exe_
35 Each M T W Th F S Su 10:00 AM C:\ProgramData\FS584BdG.exe_
36 Each M T W Th F S Su 11:00 AM C:\ProgramData\FS584BdG.exe_
37 Each M T W Th F S Su 12:00 PM C:\ProgramData\FS584BdG.exe_
38 Each M T W Th F S Su 1:00 PM C:\ProgramData\FS584BdG.exe_
39 Each M T W Th F S Su 2:00 PM C:\ProgramData\FS584BdG.exe_
4 Each M T W Th F S Su 3:00 AM C:\ProgramData\FS584BdG.exe
40 Each M T W Th F S Su 3:00 PM C:\ProgramData\FS584BdG.exe_
41 Each M T W Th F S Su 4:00 PM C:\ProgramData\FS584BdG.exe_
42 Each M T W Th F S Su 5:00 PM C:\ProgramData\FS584BdG.exe_
43 Each M T W Th F S Su 6:00 PM C:\ProgramData\FS584BdG.exe_
44 Each M T W Th F S Su 7:00 PM C:\ProgramData\FS584BdG.exe_
45 Each M T W Th F S Su 8:00 PM C:\ProgramData\FS584BdG.exe_
46 Each M T W Th F S Su 9:00 PM C:\ProgramData\FS584BdG.exe_
47 Each M T W Th F S Su 10:00 PM C:\ProgramData\FS584BdG.exe_
48 Each M T W Th F S Su 11:00 PM C:\ProgramData\FS584BdG.exe_
5 Each M T W Th F S Su 4:00 AM C:\ProgramData\FS584BdG.exe
6 Each M T W Th F S Su 5:00 AM C:\ProgramData\FS584BdG.exe
7 Each M T W Th F S Su 6:00 AM C:\ProgramData\FS584BdG.exe
8 Each M T W Th F S Su 7:00 AM C:\ProgramData\FS584BdG.exe
9 Each M T W Th F S Su 8:00 AM C:\ProgramData\FS584BdG.exe
C:\Users\Shane\Desktop\cmd.bat deleted successfully.
C:\Users\Shane\Desktop\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Shane
->Flash cache emptied: 1555 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shane
->Java cache emptied: 9593726 bytes

Total Java Files Cleaned = 9.00 mb

OTL by OldTimer - Version 3.2.65.0 log created on 09202012_211918

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-20 21:26:04
-----------------------------
21:26:04.301 OS Version: Windows x64 6.1.7601 Service Pack 1
21:26:04.301 Number of processors: 2 586 0x602
21:26:04.301 ComputerName: SHANE-PC UserName: Shane
21:26:07.421 Initialize success
21:28:47.515 AVAST engine defs: 12092001
21:29:16.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
21:29:16.936 Disk 0 Vendor: ST350041 HP34 Size: 476940MB BusType: 3
21:29:16.952 Disk 0 MBR read successfully
21:29:16.952 Disk 0 MBR scan
21:29:16.968 Disk 0 unknown MBR code
21:29:16.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:29:16.983 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 466726 MB offset 206848
21:29:17.030 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10112 MB offset 956061696
21:29:17.077 Disk 0 scanning C:\Windows\system32\drivers
21:29:29.697 Service scanning
21:29:55.548 Modules scanning
21:30:03.208 AVAST engine scan C:\Windows
21:30:05.626 AVAST engine scan C:\Windows\system32
21:33:32.860 AVAST engine scan C:\Windows\system32\drivers
21:33:46.650 AVAST engine scan C:\Users\Shane
21:51:36.616 AVAST engine scan C:\ProgramData
21:54:05.959 Scan finished successfully
22:00:21.467 Disk 0 MBR has been saved successfully to "C:\Users\Shane\Desktop\MBR.dat"
22:00:21.467 The log file has been saved successfully to "C:\Users\Shane\Desktop\aswMBR.txt"

ComboFix 12-09-20.03 - Shane 09/20/2012 22:19:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.1733 [GMT -7:00]
Running from: c:\users\Shane\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shane\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 05:25 . 2012-09-21 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 04:19 . 2012-09-21 04:19 -------- d-----w- C:\_OTL
2012-09-15 04:51 . 2012-09-15 04:51 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-09-12 04:15 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 04:15 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 04:15 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 04:15 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 04:15 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 04:15 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 04:15 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 04:15 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 04:15 . 2012-04-13 00:36 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 04:15 . 2011-06-29 15:59 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 10:01 . 2010-06-14 18:52 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-20 03:12 . 2012-07-20 03:13 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-20 03:12 . 2012-07-20 03:13 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-20 03:12 . 2012-07-20 03:12 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-20 03:12 . 2012-07-20 03:12 188912 ----a-w- c:\windows\system32\java.exe
2012-07-20 03:12 . 2010-08-01 00:33 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-18 18:15 . 2012-08-15 08:56 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 08:56 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 08:56 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 08:56 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 08:56 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 10:04 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 10:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 10:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 10:04 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 10:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 10:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 10:04 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 10:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 10:04 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 10:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 10:04 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 10:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 10:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 10:04 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 10:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 10:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 10:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 10:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 10:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"F.lux"="c:\users\Shane\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Audiogalaxy"="c:\users\Shane\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2011-12-17 2955496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 99352]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-16 99384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-16 203320]
R3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\DRIVERS\ssudnflt.sys [2011-02-18 19520]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-05 24600]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R4 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 948224]
R4 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 690688]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-03-15 134456]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 dgdersvc;Device Error Recovery Service;c:\windows\SysWOW64\dgdersvc.exe [2010-05-25 95568]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 50688]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-17 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 20568]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-893593170-1733208149-1977151973-1001Core.job
- c:\users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 06:07]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-893593170-1733208149-1977151973-1001UA.job
- c:\users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 06:07]
.
2012-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://advancedtx.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
AddRemove-MetaFrame Presentation Server Web Client for Win32 - c:\windows\system32\ctxsetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:99,2e,64,69,d2,ed,e3,13,23,ec,2f,59,f2,b2,e7,2d,64,62,6a,74,c6,
dd,fe,3c,d8,70,46,35,fd,b2,d0,d3,11,57,13,cb,5d,90,6f,2a,c7,4d,fa,21,a6,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:99,2e,64,69,d2,ed,e3,13,23,ec,2f,59,f2,b2,e7,2d,64,62,6a,74,c6,
dd,fe,3c,d8,70,46,35,fd,b2,d0,d3,11,57,13,cb,5d,90,6f,2a,c7,4d,fa,21,a6,22,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-09-20 22:32:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-21 05:32
.
Pre-Run: 248,072,757,248 bytes free
Post-Run: 247,887,163,392 bytes free
.
- - End Of File - - 9E4C3B1800CF7A4617029E884D53D18B

rectory: C:\Windows
22:36:34.0228 4720 System windows directory: C:\Windows
22:36:34.0228 4720 Running under WOW64
22:36:34.0228 4720 Processor architecture: Intel x64
22:36:34.0228 4720 Number of processors: 2
22:36:34.0228 4720 Page size: 0x1000
22:36:34.0228 4720 Boot type: Normal boot
22:36:34.0228 4720 ============================================================
22:36:35.0273 4720 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:36:35.0273 4720 ============================================================
22:36:35.0273 4720 \Device\Harddisk0\DR0:
22:36:35.0273 4720 MBR partitions:
22:36:35.0273 4720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:36:35.0273 4720 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38F93000
22:36:35.0273 4720 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FC5800, BlocksNum 0x13C0000
22:36:35.0273 4720 ============================================================
22:36:35.0288 4720 C: <-> \Device\Harddisk0\DR0\Partition2
22:36:35.0335 4720 D: <-> \Device\Harddisk0\DR0\Partition3
22:36:35.0335 4720 ============================================================
22:36:35.0335 4720 Initialize success
22:36:35.0335 4720 ============================================================
22:37:21.0996 4208 ============================================================
22:37:21.0996 4208 Scan started
22:37:21.0996 4208 Mode: Manual;
22:37:21.0996 4208 ============================================================
22:37:22.0604 4208 ================ Scan system memory ========================
22:37:22.0604 4208 System memory - ok
22:37:22.0604 4208 ================ Scan services =============================
22:37:22.0760 4208 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:37:22.0776 4208 1394ohci - ok
22:37:22.0823 4208 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:37:22.0823 4208 ACPI - ok
22:37:22.0869 4208 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:37:22.0869 4208 AcpiPmi - ok
22:37:22.0901 4208 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:37:22.0916 4208 adp94xx - ok
22:37:22.0947 4208 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:37:22.0963 4208 adpahci - ok
22:37:22.0979 4208 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:37:22.0979 4208 adpu320 - ok
22:37:22.0994 4208 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:37:23.0010 4208 AeLookupSvc - ok
22:37:23.0057 4208 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:37:23.0057 4208 AFD - ok
22:37:23.0088 4208 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
22:37:23.0088 4208 AgereModemAudio - ok
22:37:23.0135 4208 [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
22:37:23.0166 4208 AgereSoftModem - ok
22:37:23.0213 4208 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:37:23.0213 4208 agp440 - ok
22:37:23.0400 4208 [ 91958663CBD8155D5E0F02182F8E4B78 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll
22:37:23.0400 4208 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll. md5: 91958663CBD8155D5E0F02182F8E4B78
22:37:23.0400 4208 Akamai ( HiddenFile.Multi.Generic ) - warning
22:37:23.0400 4208 Akamai - detected HiddenFile.Multi.Generic (1)
22:37:23.0431 4208 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:37:23.0447 4208 ALG - ok
22:37:23.0478 4208 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:37:23.0478 4208 aliide - ok
22:37:23.0493 4208 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:37:23.0509 4208 amdide - ok
22:37:23.0540 4208 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:37:23.0556 4208 AmdK8 - ok
22:37:23.0571 4208 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:37:23.0587 4208 AmdPPM - ok
22:37:23.0681 4208 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:37:23.0712 4208 amdsata - ok
22:37:23.0883 4208 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:37:23.0899 4208 amdsbs - ok
22:37:23.0915 4208 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:37:23.0915 4208 amdxata - ok
22:37:23.0961 4208 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:37:23.0961 4208 AppID - ok
22:37:23.0993 4208 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:37:23.0993 4208 AppIDSvc - ok
22:37:24.0024 4208 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:37:24.0024 4208 Appinfo - ok
22:37:24.0102 4208 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:37:24.0102 4208 Apple Mobile Device - ok
22:37:24.0133 4208 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:37:24.0133 4208 arc - ok
22:37:24.0149 4208 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:37:24.0149 4208 arcsas - ok
22:37:24.0258 4208 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:37:24.0258 4208 aspnet_state - ok
22:37:24.0289 4208 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:37:24.0289 4208 AsyncMac - ok
22:37:24.0336 4208 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:37:24.0336 4208 atapi - ok
22:37:24.0429 4208 [ 04B8D39566F7A10A6B52F24FA7BD8F4D ] atashost C:\Windows\SysWOW64\atashost.exe
22:37:24.0429 4208 atashost - ok
22:37:24.0476 4208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:37:24.0492 4208 AudioEndpointBuilder - ok
22:37:24.0507 4208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:37:24.0507 4208 AudioSrv - ok
22:37:24.0773 4208 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
22:37:24.0804 4208 AVGIDSAgent - ok
22:37:24.0835 4208 [ E6671E90D38C88764412E07C9D9B3D63 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:37:24.0835 4208 AVGIDSDriver - ok
22:37:24.0882 4208 [ 1553B388E0F0462C25AD8F30C3C29E83 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:37:24.0882 4208 AVGIDSEH - ok
22:37:24.0913 4208 [ DCA426A66739E75F51A72160DFB945AD ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:37:24.0929 4208 AVGIDSFilter - ok
22:37:24.0975 4208 [ FF7383388A7D2283DAE5831ABC2B0720 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
22:37:24.0975 4208 Avgldx64 - ok
22:37:25.0007 4208 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
22:37:25.0007 4208 Avgmfx64 - ok
22:37:25.0022 4208 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
22:37:25.0038 4208 Avgrkx64 - ok
22:37:25.0069 4208 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
22:37:25.0069 4208 Avgtdia - ok
22:37:25.0100 4208 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
22:37:25.0100 4208 avgwd - ok
22:37:25.0147 4208 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:37:25.0147 4208 AxInstSV - ok
22:37:25.0194 4208 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:37:25.0209 4208 b06bdrv - ok
22:37:25.0241 4208 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:37:25.0256 4208 b57nd60a - ok
22:37:25.0287 4208 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:37:25.0287 4208 BDESVC - ok
22:37:25.0303 4208 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:37:25.0303 4208 Beep - ok
22:37:25.0350 4208 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:37:25.0365 4208 BFE - ok
22:37:25.0397 4208 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:37:25.0412 4208 BITS - ok
22:37:25.0428 4208 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:37:25.0428 4208 blbdrive - ok
22:37:25.0459 4208 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:37:25.0475 4208 bowser - ok
22:37:25.0490 4208 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:37:25.0506 4208 BrFiltLo - ok
22:37:25.0521 4208 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:37:25.0521 4208 BrFiltUp - ok
22:37:25.0568 4208 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:37:25.0568 4208 BridgeMP - ok
22:37:25.0584 4208 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:37:25.0599 4208 Browser - ok
22:37:25.0615 4208 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:37:25.0615 4208 Brserid - ok
22:37:25.0631 4208 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:37:25.0631 4208 BrSerWdm - ok
22:37:25.0631 4208 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:37:25.0646 4208 BrUsbMdm - ok
22:37:25.0646 4208 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:37:25.0646 4208 BrUsbSer - ok
22:37:25.0677 4208 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:37:25.0677 4208 BTHMODEM - ok
22:37:25.0709 4208 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:37:25.0709 4208 bthserv - ok
22:37:25.0724 4208 catchme - ok
22:37:25.0755 4208 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:37:25.0755 4208 cdfs - ok
22:37:25.0802 4208 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:37:25.0802 4208 cdrom - ok
22:37:25.0849 4208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:37:25.0849 4208 CertPropSvc - ok
22:37:25.0880 4208 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:37:25.0880 4208 circlass - ok
22:37:25.0911 4208 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:37:25.0927 4208 CLFS - ok
22:37:25.0974 4208 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:37:25.0974 4208 clr_optimization_v2.0.50727_32 - ok
22:37:26.0005 4208 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:37:26.0005 4208 clr_optimization_v2.0.50727_64 - ok
22:37:26.0067 4208 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:37:26.0083 4208 clr_optimization_v4.0.30319_32 - ok
22:37:26.0083 4208 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:37:26.0099 4208 clr_optimization_v4.0.30319_64 - ok
22:37:26.0114 4208 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:37:26.0114 4208 CmBatt - ok
22:37:26.0130 4208 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:37:26.0130 4208 cmdide - ok
22:37:26.0177 4208 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:37:26.0177 4208 CNG - ok
22:37:26.0208 4208 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:37:26.0208 4208 Compbatt - ok
22:37:26.0239 4208 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:37:26.0255 4208 CompositeBus - ok
22:37:26.0270 4208 COMSysApp - ok
22:37:26.0301 4208 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:37:26.0301 4208 crcdisk - ok
22:37:26.0348 4208 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:37:26.0348 4208 CryptSvc - ok
22:37:26.0395 4208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:37:26.0411 4208 DcomLaunch - ok
22:37:26.0442 4208 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:37:26.0457 4208 defragsvc - ok
22:37:26.0489 4208 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:37:26.0504 4208 DfsC - ok
22:37:26.0551 4208 [ 867FA8B9E9E3078F68C4089904BBF4B0 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
22:37:26.0551 4208 dgderdrv - ok
22:37:26.0582 4208 [ 1F7BACA7D1DD1B3D73B4C3934148FAD3 ] dgdersvc C:\Windows\SysWOW64\dgdersvc.exe
22:37:26.0598 4208 dgdersvc - ok
22:37:26.0613 4208 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
22:37:26.0629 4208 dg_ssudbus - ok
22:37:26.0676 4208 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:37:26.0676 4208 Dhcp - ok
22:37:26.0691 4208 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:37:26.0707 4208 discache - ok
22:37:26.0754 4208 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:37:26.0754 4208 Disk - ok
22:37:26.0801 4208 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
22:37:26.0801 4208 DNE - ok
22:37:26.0847 4208 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:37:26.0847 4208 Dnscache - ok
22:37:26.0879 4208 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:37:26.0894 4208 dot3svc - ok
22:37:26.0941 4208 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:37:26.0941 4208 DPS - ok
22:37:26.0972 4208 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:37:26.0972 4208 drmkaud - ok
22:37:27.0035 4208 dtpd - ok
22:37:27.0081 4208 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:37:27.0097 4208 DXGKrnl - ok
22:37:27.0128 4208 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:37:27.0128 4208 EapHost - ok
22:37:27.0206 4208 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:37:27.0269 4208 ebdrv - ok
22:37:27.0300 4208 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:37:27.0300 4208 EFS - ok
22:37:27.0347 4208 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:37:27.0347 4208 ehRecvr - ok
22:37:27.0362 4208 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:37:27.0362 4208 ehSched - ok
22:37:27.0393 4208 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:37:27.0409 4208 elxstor - ok
22:37:27.0425 4208 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:37:27.0440 4208 ErrDev - ok
22:37:27.0471 4208 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:37:27.0471 4208 EventSystem - ok
22:37:27.0487 4208 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:37:27.0503 4208 exfat - ok
22:37:27.0518 4208 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:37:27.0518 4208 fastfat - ok
22:37:27.0565 4208 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:37:27.0581 4208 Fax - ok
22:37:27.0596 4208 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:37:27.0596 4208 fdc - ok
22:37:27.0596 4208 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:37:27.0596 4208 fdPHost - ok
22:37:27.0612 4208 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:37:27.0612 4208 FDResPub - ok
22:37:27.0627 4208 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:37:27.0627 4208 FileInfo - ok
22:37:27.0643 4208 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:37:27.0643 4208 Filetrace - ok
22:37:27.0659 4208 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:37:27.0659 4208 flpydisk - ok
22:37:27.0674 4208 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:37:27.0674 4208 FltMgr - ok
22:37:27.0737 4208 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:37:27.0768 4208 FontCache - ok
22:37:27.0830 4208 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:37:27.0830 4208 FontCache3.0.0.0 - ok
22:37:27.0846 4208 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:37:27.0846 4208 FsDepends - ok
22:37:27.0893 4208 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:37:27.0893 4208 Fs_Rec - ok
22:37:27.0939 4208 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:37:27.0955 4208 fvevol - ok
22:37:27.0971 4208 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:37:27.0986 4208 gagp30kx - ok
22:37:28.0049 4208 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
22:37:28.0049 4208 getPlusHelper - ok
22:37:28.0111 4208 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:37:28.0127 4208 gpsvc - ok
22:37:28.0142 4208 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:37:28.0158 4208 hcw85cir - ok
22:37:28.0189 4208 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:37:28.0189 4208 HDAudBus - ok
22:37:28.0236 4208 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:37:28.0236 4208 HidBatt - ok
22:37:28.0251 4208 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:37:28.0251 4208 HidBth - ok
22:37:28.0267 4208 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:37:28.0267 4208 HidIr - ok
22:37:28.0298 4208 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:37:28.0298 4208 hidserv - ok
22:37:28.0329 4208 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:37:28.0329 4208 HidUsb - ok
22:37:28.0361 4208 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:37:28.0361 4208 hkmsvc - ok
22:37:28.0392 4208 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:37:28.0407 4208 HomeGroupListener - ok
22:37:28.0407 4208 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:37:28.0423 4208 HomeGroupProvider - ok
22:37:28.0454 4208 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:37:28.0454 4208 HpSAMD - ok
22:37:28.0501 4208 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:37:28.0517 4208 HTTP - ok
22:37:28.0563 4208 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:37:28.0563 4208 hwpolicy - ok
22:37:28.0595 4208 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:37:28.0610 4208 i8042prt - ok
22:37:28.0626 4208 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:37:28.0641 4208 iaStorV - ok
22:37:28.0688 4208 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:37:28.0704 4208 idsvc - ok
22:37:28.0735 4208 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:37:28.0751 4208 iirsp - ok
22:37:28.0751 4208 iked - ok
22:37:28.0813 4208 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:37:28.0829 4208 IKEEXT - ok
22:37:28.0922 4208 [ EF75C94792187A143871FBB87611B0B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:37:28.0985 4208 IntcAzAudAddService - ok
22:37:29.0016 4208 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:37:29.0031 4208 intelide - ok
22:37:29.0063 4208 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:37:29.0063 4208 intelppm - ok
22:37:29.0141 4208 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
22:37:29.0141 4208 IntuitUpdateService - ok
22:37:29.0187 4208 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:37:29.0187 4208 IPBusEnum - ok
22:37:29.0234 4208 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:37:29.0234 4208 IpFilterDriver - ok
22:37:29.0265 4208 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:37:29.0281 4208 iphlpsvc - ok
22:37:29.0312 4208 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:37:29.0328 4208 IPMIDRV - ok
22:37:29.0343 4208 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:37:29.0343 4208 IPNAT - ok
22:37:29.0343 4208 ipsecd - ok
22:37:29.0375 4208 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:37:29.0375 4208 IRENUM - ok
22:37:29.0390 4208 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:37:29.0390 4208 isapnp - ok
22:37:29.0406 4208 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:37:29.0406 4208 iScsiPrt - ok
22:37:29.0499 4208 [ BF65E6D039AE37C988D5B2B680E7D718 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
22:37:29.0499 4208 ISWKL - ok
22:37:29.0562 4208 [ 99148599FE4D0A5CD7C7EB74ED5A63E4 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
22:37:29.0577 4208 IswSvc - ok
22:37:29.0593 4208 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:37:29.0593 4208 kbdclass - ok
22:37:29.0609 4208 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:37:29.0624 4208 kbdhid - ok
22:37:29.0624 4208 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:37:29.0624 4208 KeyIso - ok
22:37:29.0671 4208 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:37:29.0671 4208 KSecDD - ok
22:37:29.0718 4208 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:37:29.0733 4208 KSecPkg - ok
22:37:29.0749 4208 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:37:29.0749 4208 ksthunk - ok
22:37:29.0780 4208 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:37:29.0780 4208 KtmRm - ok
22:37:29.0827 4208 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:37:29.0843 4208 LanmanServer - ok
22:37:29.0874 4208 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:37:29.0889 4208 LanmanWorkstation - ok
22:37:29.0921 4208 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:37:29.0952 4208 LightScribeService - ok
22:37:29.0967 4208 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:37:29.0967 4208 lltdio - ok
22:37:29.0999 4208 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:37:29.0999 4208 lltdsvc - ok
22:37:30.0014 4208 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:37:30.0014 4208 lmhosts - ok
22:37:30.0123 4208 [ CC24EAD43A7B1B5E3F38AC6E9CF7FFF2 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
22:37:30.0123 4208 LMIGuardianSvc - ok
22:37:30.0155 4208 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
22:37:30.0155 4208 LMIInfo - ok
22:37:30.0170 4208 [ 49A09A7948529F694353F466C0DE7B8A ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
22:37:30.0170 4208 LMIMaint - ok
22:37:30.0201 4208 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
22:37:30.0201 4208 lmimirr - ok
22:37:30.0217 4208 LMIRfsClientNP - ok
22:37:30.0233 4208 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
22:37:30.0233 4208 LMIRfsDriver - ok
22:37:30.0248 4208 [ 5AAA4186E0558546AF5FAA8EADCA5E35 ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
22:37:30.0248 4208 LogMeIn - ok
22:37:30.0279 4208 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:37:30.0295 4208 LSI_FC - ok
22:37:30.0311 4208 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:37:30.0311 4208 LSI_SAS - ok
22:37:30.0326 4208 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:37:30.0326 4208 LSI_SAS2 - ok
22:37:30.0342 4208 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:37:30.0342 4208 LSI_SCSI - ok
22:37:30.0373 4208 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:37:30.0373 4208 luafv - ok
22:37:30.0404 4208 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:37:30.0404 4208 Mcx2Svc - ok
22:37:30.0435 4208 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:37:30.0435 4208 megasas - ok
22:37:30.0451 4208 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:37:30.0467 4208 MegaSR - ok
22:37:30.0498 4208 Microsoft SharePoint Workspace Audit Service - ok
22:37:30.0513 4208 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:37:30.0513 4208 MMCSS - ok
22:37:30.0529 4208 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:37:30.0529 4208 Modem - ok
22:37:30.0560 4208 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:37:30.0560 4208 monitor - ok
22:37:30.0560 4208 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:37:30.0560 4208 mouclass - ok
22:37:30.0591 4208 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:37:30.0591 4208 mouhid - ok
22:37:30.0638 4208 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:37:30.0638 4208 mountmgr - ok
22:37:30.0732 4208 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:37:30.0747 4208 MozillaMaintenance - ok
22:37:30.0779 4208 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:37:30.0779 4208 mpio - ok
22:37:30.0810 4208 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:37:30.0810 4208 mpsdrv - ok
22:37:30.0872 4208 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:37:30.0888 4208 MpsSvc - ok
22:37:30.0935 4208 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:37:30.0935 4208 MRxDAV - ok
22:37:30.0981 4208 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:37:30.0981 4208 mrxsmb - ok
22:37:31.0028 4208 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:37:31.0044 4208 mrxsmb10 - ok
22:37:31.0059 4208 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:37:31.0059 4208 mrxsmb20 - ok
22:37:31.0091 4208 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:37:31.0091 4208 msahci - ok
22:37:31.0122 4208 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:37:31.0137 4208 msdsm - ok
22:37:31.0153 4208 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:37:31.0169 4208 MSDTC - ok
22:37:31.0200 4208 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:37:31.0200 4208 Msfs - ok
22:37:31.0215 4208 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:37:31.0231 4208 mshidkmdf - ok
22:37:31.0262 4208 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:37:31.0262 4208 msisadrv - ok
22:37:31.0278 4208 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:37:31.0278 4208 MSiSCSI - ok
22:37:31.0293 4208 msiserver - ok
22:37:31.0309 4208 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:37:31.0309 4208 MSKSSRV - ok
22:37:31.0325 4208 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:37:31.0325 4208 MSPCLOCK - ok
22:37:31.0340 4208 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:37:31.0340 4208 MSPQM - ok
22:37:31.0371 4208 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:37:31.0371 4208 MsRPC - ok
22:37:31.0387 4208 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:37:31.0387 4208 mssmbios - ok
22:37:31.0418 4208 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:37:31.0418 4208 MSTEE - ok
22:37:31.0418 4208 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:37:31.0434 4208 MTConfig - ok
22:37:31.0449 4208 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:37:31.0449 4208 Mup - ok
22:37:31.0481 4208 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:37:31.0481 4208 napagent - ok
22:37:31.0512 4208 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:37:31.0512 4208 NativeWifiP - ok
22:37:31.0559 4208 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:37:31.0559 4208 NDIS - ok
22:37:31.0590 4208 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:37:31.0590 4208 NdisCap - ok
22:37:31.0605 4208 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:37:31.0605 4208 NdisTapi - ok
22:37:31.0637 4208 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:37:31.0637 4208 Ndisuio - ok
22:37:31.0668 4208 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:37:31.0668 4208 NdisWan - ok
22:37:31.0715 4208 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:37:31.0715 4208 NDProxy - ok
22:37:31.0730 4208 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:37:31.0730 4208 NetBIOS - ok
22:37:31.0777 4208 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:37:31.0777 4208 NetBT - ok
22:37:31.0808 4208 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:37:31.0808 4208 Netlogon - ok
22:37:31.0839 4208 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:37:31.0839 4208 Netman - ok
22:37:31.0902 4208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:31.0917 4208 NetMsmqActivator - ok
22:37:31.0917 4208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:31.0933 4208 NetPipeActivator - ok
22:37:31.0949 4208 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:37:31.0964 4208 netprofm - ok
22:37:31.0964 4208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:31.0964 4208 NetTcpActivator - ok
22:37:31.0964 4208 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:37:31.0980 4208 NetTcpPortSharing - ok
22:37:31.0995 4208 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:37:31.0995 4208 nfrd960 - ok
22:37:32.0027 4208 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:37:32.0027 4208 NlaSvc - ok
22:37:32.0058 4208 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:37:32.0058 4208 Npfs - ok
22:37:32.0058 4208 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:37:32.0058 4208 nsi - ok
22:37:32.0073 4208 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:37:32.0073 4208 nsiproxy - ok
22:37:32.0151 4208 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:37:32.0167 4208 Ntfs - ok
22:37:32.0167 4208 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:37:32.0167 4208 Null - ok
22:37:32.0401 4208 [ AC8CBE9A0663E88F6429EE5530D5E32B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:37:32.0604 4208 nvlddmkm - ok
22:37:32.0635 4208 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
22:37:32.0635 4208 NVNET - ok
22:37:32.0651 4208 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:37:32.0651 4208 nvraid - ok
22:37:32.0697 4208 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:37:32.0697 4208 nvstor - ok
22:37:32.0729 4208 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
22:37:32.0729 4208 nvstor64 - ok
22:37:32.0775 4208 [ B9CF28813A6F19DA9776A7E49C61CD6E ] nvsvc C:\Windows\system32\nvvsvc.exe
22:37:32.0791 4208 nvsvc - ok
22:37:32.0807 4208 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:37:32.0822 4208 nv_agp - ok
22:37:32.0838 4208 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:37:32.0853 4208 ohci1394 - ok
22:37:32.0900 4208 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:37:32.0900 4208 ose - ok
22:37:33.0072 4208 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:37:33.0165 4208 osppsvc - ok
22:37:33.0181 4208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:37:33.0197 4208 p2pimsvc - ok
22:37:33.0212 4208 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:37:33.0212 4208 p2psvc - ok
22:37:33.0228 4208 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:37:33.0228 4208 Parport - ok
22:37:33.0275 4208 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:37:33.0275 4208 partmgr - ok
22:37:33.0290 4208 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:37:33.0290 4208 PcaSvc - ok
22:37:33.0337 4208 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:37:33.0337 4208 pci - ok
22:37:33.0353 4208 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:37:33.0353 4208 pciide - ok
22:37:33.0384 4208 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:37:33.0384 4208 pcmcia - ok
22:37:33.0399 4208 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:37:33.0399 4208 pcw - ok
22:37:33.0415 4208 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:37:33.0431 4208 PEAUTH - ok
22:37:33.0477 4208 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:37:33.0493 4208 PerfHost - ok
22:37:33.0571 4208 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:37:33.0602 4208 pla - ok
22:37:33.0665 4208 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:37:33.0665 4208 PlugPlay - ok
22:37:33.0696 4208 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:37:33.0696 4208 PNRPAutoReg - ok
22:37:33.0711 4208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:37:33.0711 4208 PNRPsvc - ok
22:37:33.0743 4208 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:37:33.0743 4208 PolicyAgent - ok
22:37:33.0774 4208 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:37:33.0774 4208 Power - ok
22:37:33.0821 4208 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:37:33.0821 4208 PptpMiniport - ok
22:37:33.0852 4208 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:37:33.0867 4208 Processor - ok
22:37:33.0899 4208 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:37:33.0899 4208 ProfSvc - ok
22:37:33.0914 4208 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:37:33.0914 4208 ProtectedStorage - ok
22:37:33.0961 4208 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:37:33.0961 4208 Psched - ok
22:37:34.0008 4208 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:37:34.0008 4208 PxHlpa64 - ok
22:37:34.0148 4208 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:37:34.0195 4208 ql2300 - ok
22:37:34.0242 4208 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:37:34.0242 4208 ql40xx - ok
22:37:34.0273 4208 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:37:34.0289 4208 QWAVE - ok
22:37:34.0304 4208 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:37:34.0320 4208 QWAVEdrv - ok
22:37:34.0335 4208 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:37:34.0335 4208 RasAcd - ok
22:37:34.0367 4208 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:37:34.0367 4208 RasAgileVpn - ok
22:37:34.0382 4208 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:37:34.0398 4208 RasAuto - ok
22:37:34.0445 4208 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:37:34.0445 4208 Rasl2tp - ok
22:37:34.0460 4208 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:37:34.0476 4208 RasMan - ok
22:37:34.0491 4208 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:37:34.0491 4208 RasPppoe - ok
22:37:34.0491 4208 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:37:34.0507 4208 RasSstp - ok
22:37:34.0523 4208 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:37:34.0523 4208 rdbss - ok
22:37:34.0538 4208 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:37:34.0538 4208 rdpbus - ok
22:37:34.0554 4208 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:37:34.0554 4208 RDPCDD - ok
22:37:34.0585 4208 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:37:34.0585 4208 RDPENCDD - ok
22:37:34.0601 4208 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:37:34.0601 4208 RDPREFMP - ok
22:37:34.0647 4208 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:37:34.0647 4208 RDPWD - ok
22:37:34.0679 4208 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:37:34.0694 4208 rdyboost - ok
22:37:34.0710 4208 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:37:34.0710 4208 RemoteAccess - ok
22:37:34.0725 4208 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:37:34.0741 4208 RemoteRegistry - ok
22:37:34.0741 4208 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:37:34.0741 4208 RpcEptMapper - ok
22:37:34.0757 4208 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:37:34.0772 4208 RpcLocator - ok
22:37:34.0803 4208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
22:37:34.0803 4208 RpcSs - ok
22:37:34.0835 4208 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:37:34.0835 4208 rspndr - ok
22:37:34.0850 4208 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:37:34.0850 4208 SamSs - ok
22:37:34.0881 4208 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:37:34.0881 4208 sbp2port - ok
22:37:34.0913 4208 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:37:34.0928 4208 SCardSvr - ok
22:37:34.0959 4208 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:37:34.0959 4208 scfilter - ok
22:37:35.0022 4208 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:37:35.0053 4208 Schedule - ok
22:37:35.0084 4208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:37:35.0084 4208 SCPolicySvc - ok
22:37:35.0115 4208 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:37:35.0131 4208 SDRSVC - ok
22:37:35.0162 4208 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:37:35.0162 4208 secdrv - ok
22:37:35.0178 4208 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:37:35.0178 4208 seclogon - ok
22:37:35.0209 4208 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:37:35.0209 4208 SENS - ok
22:37:35.0225 4208 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:37:35.0240 4208 SensrSvc - ok
22:37:35.0256 4208 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:37:35.0256 4208 Serenum - ok
22:37:35.0287 4208 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:37:35.0287 4208 Serial - ok
22:37:35.0318 4208 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:37:35.0318 4208 sermouse - ok
22:37:35.0381 4208 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:37:35.0381 4208 SessionEnv - ok
22:37:35.0412 4208 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:37:35.0412 4208 sffdisk - ok
22:37:35.0427 4208 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:37:35.0443 4208 sffp_mmc - ok
22:37:35.0459 4208 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:37:35.0459 4208 sffp_sd - ok
22:37:35.0474 4208 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:37:35.0474 4208 sfloppy - ok
22:37:35.0490 4208 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:37:35.0490 4208 SharedAccess - ok
22:37:35.0537 4208 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:37:35.0537 4208 ShellHWDetection - ok
22:37:35.0568 4208 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:37:35.0568 4208 SiSRaid2 - ok
22:37:35.0599 4208 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:37:35.0599 4208 SiSRaid4 - ok
22:37:35.0615 4208 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:37:35.0615 4208 Smb - ok
22:37:35.0661 4208 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:37:35.0661 4208 SNMPTRAP - ok
22:37:35.0661 4208 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:37:35.0661 4208 spldr - ok
22:37:35.0677 4208 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:37:35.0693 4208 Spooler - ok
22:37:35.0786 4208 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:37:35.0864 4208 sppsvc - ok
22:37:35.0880 4208 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:37:35.0880 4208 sppuinotify - ok
22:37:35.0911 4208 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:37:35.0927 4208 srv - ok
22:37:35.0973 4208 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:37:35.0989 4208 srv2 - ok
22:37:36.0020 4208 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:37:36.0020 4208 srvnet - ok
22:37:36.0051 4208 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:37:36.0051 4208 SSDPSRV - ok
22:37:36.0067 4208 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:37:36.0067 4208 SstpSvc - ok
22:37:36.0098 4208 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
22:37:36.0114 4208 ssudmdm - ok
22:37:36.0145 4208 [ 29207B1D7FC5692C2FEACF5AAB5DC066 ] ssudnflt C:\Windows\system32\DRIVERS\ssudnflt.sys
22:37:36.0145 4208 ssudnflt - ok
22:37:36.0161 4208 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:37:36.0161 4208 stexstor - ok
22:37:36.0207 4208 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:37:36.0223 4208 stisvc - ok
22:37:36.0254 4208 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:37:36.0254 4208 swenum - ok
22:37:36.0301 4208 [ BA41A448446FDF839A32E27A8DCB7C9D ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
22:37:36.0317 4208 SWGVCSvc - ok
22:37:36.0348 4208 [ 1E036F98E6C780DD7669F516E8BE0CEA ] SWIPsec C:\Windows\system32\Drivers\SWIPsec.sys
22:37:36.0363 4208 SWIPsec - ok
22:37:36.0473 4208 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:37:36.0504 4208 SwitchBoard - ok
22:37:36.0535 4208 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:37:36.0551 4208 swprv - ok
22:37:36.0597 4208 [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC C:\Windows\system32\DRIVERS\swvnic.sys
22:37:36.0613 4208 SWVNIC - ok
22:37:36.0707 4208 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:37:36.0738 4208 SysMain - ok
22:37:36.0769 4208 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:37:36.0785 4208 TabletInputService - ok
22:37:36.0816 4208 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
22:37:36.0816 4208 tap0901 - ok
22:37:36.0847 4208 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:37:36.0847 4208 TapiSrv - ok
22:37:36.0878 4208 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:37:36.0878 4208 TBS - ok
22:37:36.0956 4208 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:37:36.0987 4208 Tcpip - ok
22:37:37.0034 4208 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:37:37.0050 4208 TCPIP6 - ok
22:37:37.0097 4208 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:37:37.0097 4208 tcpipreg - ok
22:37:37.0112 4208 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:37:37.0112 4208 TDPIPE - ok
22:37:37.0143 4208 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:37:37.0143 4208 TDTCP - ok
22:37:37.0175 4208 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:37:37.0190 4208 tdx - ok
22:37:37.0190 4208 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:37:37.0206 4208 TermDD - ok
22:37:37.0253 4208 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:37:37.0268 4208 TermService - ok
22:37:37.0299 4208 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
22:37:37.0299 4208 TFsExDisk - ok
22:37:37.0331 4208 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:37:37.0331 4208 Themes - ok
22:37:37.0362 4208 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:37:37.0362 4208 THREADORDER - ok
22:37:37.0377 4208 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:37:37.0377 4208 TrkWks - ok
22:37:37.0424 4208 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:37:37.0424 4208 TrustedInstaller - ok
22:37:37.0487 4208 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:37:37.0487 4208 tssecsrv - ok
22:37:37.0533 4208 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:37:37.0533 4208 TsUsbFlt - ok
22:37:37.0580 4208 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:37:37.0580 4208 tunnel - ok
22:37:37.0611 4208 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:37:37.0627 4208 uagp35 - ok
22:37:37.0658 4208 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:37:37.0658 4208 udfs - ok
22:37:37.0705 4208 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:37:37.0705 4208 UI0Detect - ok
22:37:37.0721 4208 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:37:37.0721 4208 uliagpkx - ok
22:37:37.0767 4208 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:37:37.0767 4208 umbus - ok
22:37:37.0799 4208 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:37:37.0799 4208 UmPass - ok
22:37:37.0814 4208 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:37:37.0830 4208 upnphost - ok
22:37:37.0845 4208 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:37:37.0845 4208 USBAAPL64 - ok
22:37:37.0861 4208 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:37:37.0877 4208 usbccgp - ok
22:37:37.0908 4208 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:37:37.0908 4208 usbcir - ok
22:37:37.0923 4208 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:37:37.0923 4208 usbehci - ok
22:37:37.0955 4208 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:37:37.0955 4208 usbhub - ok
22:37:37.0970 4208 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:37:37.0970 4208 usbohci - ok
22:37:37.0986 4208 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:37:37.0986 4208 usbprint - ok
22:37:38.0033 4208 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:37:38.0033 4208 usbscan - ok
22:37:38.0048 4208 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:37:38.0048 4208 USBSTOR - ok
22:37:38.0095 4208 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:37:38.0095 4208 usbuhci - ok
22:37:38.0126 4208 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
22:37:38.0126 4208 usb_rndisx - ok
22:37:38.0157 4208 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:37:38.0157 4208 UxSms - ok
22:37:38.0173 4208 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:37:38.0173 4208 VaultSvc - ok
22:37:38.0220 4208 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:37:38.0220 4208 vdrvroot - ok
22:37:38.0267 4208 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:37:38.0282 4208 vds - ok
22:37:38.0329 4208 [ 70EB327D68D7CEC357B734B0BE5B4A21 ] vflt C:\Windows\system32\DRIVERS\vfilter.sys
22:37:38.0329 4208 vflt - ok
22:37:38.0360 4208 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:37:38.0360 4208 vga - ok
22:37:38.0376 4208 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:37:38.0391 4208 VgaSave - ok
22:37:38.0423 4208 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:37:38.0423 4208 vhdmp - ok
22:37:38.0454 4208 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:37:38.0454 4208 viaide - ok
22:37:38.0501 4208 [ 71BF90872B6A7B34A26F4794DDA7AEC3 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys
22:37:38.0501 4208 vnet - ok
22:37:38.0516 4208 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:37:38.0516 4208 volmgr - ok
22:37:38.0547 4208 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:37:38.0563 4208 volmgrx - ok
22:37:38.0610 4208 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:37:38.0610 4208 volsnap - ok
22:37:38.0672 4208 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
22:37:38.0672 4208 Vsdatant - ok
22:37:38.0719 4208 vsmon - ok
22:37:38.0750 4208 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:37:38.0766 4208 vsmraid - ok
22:37:38.0828 4208 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:37:38.0875 4208 VSS - ok
22:37:38.0891 4208 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:37:38.0906 4208 vwifibus - ok
22:37:38.0922 4208 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:37:38.0922 4208 W32Time - ok
22:37:38.0953 4208 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:37:38.0953 4208 WacomPen - ok
22:37:39.0000 4208 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:37:39.0000 4208 WANARP - ok
22:37:39.0015 4208 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:37:39.0015 4208 Wanarpv6 - ok
22:37:39.0078 4208 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:37:39.0125 4208 WatAdminSvc - ok
22:37:39.0187 4208 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:37:39.0234 4208 wbengine - ok
22:37:39.0249 4208 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:37:39.0265 4208 WbioSrvc - ok
22:37:39.0327 4208 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:37:39.0359 4208 wcncsvc - ok
22:37:39.0374 4208 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:37:39.0390 4208 WcsPlugInService - ok
22:37:39.0405 4208 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:37:39.0405 4208 Wd - ok
22:37:39.0452 4208 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:37:39.0468 4208 Wdf01000 - ok
22:37:39.0483 4208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:37:39.0483 4208 WdiServiceHost - ok
22:37:39.0499 4208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:37:39.0499 4208 WdiSystemHost - ok
22:37:39.0546 4208 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:37:39.0546 4208 WebClient - ok
22:37:39.0577 4208 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:37:39.0577 4208 Wecsvc - ok
22:37:39.0593 4208 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:37:39.0593 4208 wercplsupport - ok
22:37:39.0608 4208 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:37:39.0624 4208 WerSvc - ok
22:37:39.0639 4208 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:37:39.0639 4208 WfpLwf - ok
22:37:39.0655 4208 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:37:39.0655 4208 WIMMount - ok
22:37:39.0671 4208 WinDefend - ok
22:37:39.0686 4208 WinHttpAutoProxySvc - ok
22:37:39.0733 4208 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:37:39.0733 4208 Winmgmt - ok
22:37:39.0827 4208 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:37:39.0873 4208 WinRM - ok
22:37:39.0920 4208 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:37:39.0920 4208 WinUsb - ok
22:37:39.0951 4208 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:37:39.0967 4208 Wlansvc - ok
22:37:39.0983 4208 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:37:39.0998 4208 WmiAcpi - ok
22:37:40.0014 4208 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:37:40.0014 4208 wmiApSrv - ok
22:37:40.0045 4208 WMPNetworkSvc - ok
22:37:40.0061 4208 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:37:40.0061 4208 WPCSvc - ok
22:37:40.0107 4208 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:37:40.0107 4208 WPDBusEnum - ok
22:37:40.0123 4208 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:37:40.0123 4208 ws2ifsl - ok
22:37:40.0139 4208 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:37:40.0139 4208 wscsvc - ok
22:37:40.0139 4208 WSearch - ok
22:37:40.0232 4208 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:37:40.0279 4208 wuauserv - ok
22:37:40.0279 4208 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:37:40.0295 4208 WudfPf - ok
22:37:40.0326 4208 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:37:40.0326 4208 WUDFRd - ok
22:37:40.0357 4208 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:37:40.0373 4208 wudfsvc - ok
22:37:40.0388 4208 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:37:40.0388 4208 WwanSvc - ok
22:37:40.0451 4208 ================ Scan global ===============================
22:37:40.0466 4208 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:37:40.0497 4208 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:37:40.0513 4208 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:37:40.0529 4208 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:37:40.0544 4208 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:37:40.0560 4208 [Global] - ok
22:37:40.0560 4208 ================ Scan MBR ==================================
22:37:40.0560 4208 [ 9C479F84F1B2F80F6886F2BC0C306F2E ] \Device\Harddisk0\DR0
22:37:40.0747 4208 \Device\Harddisk0\DR0 - ok
22:37:40.0747 4208 ================ Scan VBR ==================================
22:37:40.0747 4208 [ 103D677B09F8C37BDE4663BADCC817C9 ] \Device\Harddisk0\DR0\Partition1
22:37:40.0747 4208 \Device\Harddisk0\DR0\Partition1 - ok
22:37:40.0763 4208 [ C77A69A047FC4126BD62D316DB8B3D52 ] \Device\Harddisk0\DR0\Partition2
22:37:40.0763 4208 \Device\Harddisk0\DR0\Partition2 - ok
22:37:40.0778 4208 [ 9BC3EC1739A3CA7C1F93F261B743A54E ] \Device\Harddisk0\DR0\Partition3
22:37:40.0794 4208 \Device\Harddisk0\DR0\Partition3 - ok
22:37:40.0794 4208 ============================================================
22:37:40.0794 4208 Scan finished
22:37:40.0794 4208 ============================================================
22:37:40.0794 2252 Detected object count: 1
22:37:40.0794 2252 Actual detected object count: 1
22:37:54.0241 2252 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:37:54.0241 2252 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
22:38:27.0892 6368 ============================================================
22:38:27.0892 6368 Scan started
22:38:27.0892 6368 Mode: Manual; SigCheck; TDLFS;
22:38:27.0892 6368 ============================================================
22:38:28.0126 6368 ================ Scan system memory ========================
22:38:28.0126 6368 System memory - ok
22:38:28.0126 6368 ================ Scan services =============================
22:38:28.0282 6368 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:38:28.0376 6368 1394ohci - ok
22:38:28.0423 6368 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:38:28.0454 6368 ACPI - ok
22:38:28.0454 6368 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:38:28.0532 6368 AcpiPmi - ok
22:38:28.0563 6368 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:38:28.0579 6368 adp94xx - ok
22:38:28.0610 6368 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:38:28.0625 6368 adpahci - ok
22:38:28.0657 6368 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:38:28.0672 6368 adpu320 - ok
22:38:28.0688 6368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:38:28.0735 6368 AeLookupSvc - ok
22:38:28.0766 6368 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:38:28.0797 6368 AFD - ok
22:38:28.0828 6368 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
22:38:28.0875 6368 AgereModemAudio - ok
22:38:28.0937 6368 [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
22:38:28.0969 6368 AgereSoftModem - ok
22:38:29.0000 6368 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:38:29.0000 6368 agp440 - ok
22:38:29.0140 6368 [ 91958663CBD8155D5E0F02182F8E4B78 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll
22:38:29.0140 6368 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll. md5: 91958663CBD8155D5E0F02182F8E4B78
22:38:29.0140 6368 Akamai ( HiddenFile.Multi.Generic ) - warning
22:38:29.0140 6368 Akamai - detected HiddenFile.Multi.Generic (1)
22:38:29.0171 6368 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:38:29.0187 6368 ALG - ok
22:38:29.0203 6368 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:38:29.0203 6368 aliide - ok
22:38:29.0218 6368 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:38:29.0218 6368 amdide - ok
22:38:29.0249 6368 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:38:29.0296 6368 AmdK8 - ok
22:38:29.0312 6368 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:38:29.0343 6368 AmdPPM - ok
22:38:29.0374 6368 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:38:29.0390 6368 amdsata - ok
22:38:29.0421 6368 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:38:29.0437 6368 amdsbs - ok
22:38:29.0452 6368 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:38:29.0452 6368 amdxata - ok
22:38:29.0483 6368 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:38:29.0593 6368 AppID - ok
22:38:29.0608 6368 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:38:29.0686 6368 AppIDSvc - ok
22:38:29.0702 6368 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:38:29.0749 6368 Appinfo - ok
22:38:29.0811 6368 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:38:29.0827 6368 Apple Mobile Device - ok
22:38:29.0858 6368 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:38:29.0873 6368 arc - ok
22:38:29.0889 6368 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:38:29.0889 6368 arcsas - ok
22:38:29.0983 6368 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:38:30.0014 6368 aspnet_state - ok
22:38:30.0045 6368 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:38:30.0076 6368 AsyncMac - ok
22:38:30.0123 6368 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:38:30.0154 6368 atapi - ok
22:38:30.0217 6368 [ 04B8D39566F7A10A6B52F24FA7BD8F4D ] atashost C:\Windows\SysWOW64\atashost.exe
22:38:30.0248 6368 atashost - ok
22:38:30.0310 6368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:38:30.0373 6368 AudioEndpointBuilder - ok
22:38:30.0373 6368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:38:30.0419 6368 AudioSrv - ok
22:38:30.0653 6368 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
22:38:30.0747 6368 AVGIDSAgent - ok
22:38:30.0794 6368 [ E6671E90D38C88764412E07C9D9B3D63 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:38:30.0825 6368 AVGIDSDriver - ok
22:38:30.0856 6368 [ 1553B388E0F0462C25AD8F30C3C29E83 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:38:30.0872 6368 AVGIDSEH - ok
22:38:30.0903 6368 [ DCA426A66739E75F51A72160DFB945AD ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:38:30.0919 6368 AVGIDSFilter - ok
22:38:30.0965 6368 [ FF7383388A7D2283DAE5831ABC2B0720 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
22:38:30.0997 6368 Avgldx64 - ok
22:38:31.0012 6368 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
22:38:31.0028 6368 Avgmfx64 - ok
22:38:31.0043 6368 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
22:38:31.0059 6368 Avgrkx64 - ok
22:38:31.0090 6368 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
22:38:31.0090 6368 Avgtdia - ok
22:38:31.0121 6368 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
22:38:31.0137 6368 avgwd - ok
22:38:31.0153 6368 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:38:31.0246 6368 AxInstSV - ok
22:38:31.0277 6368 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:38:31.0324 6368 b06bdrv - ok
22:38:31.0355 6368 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:38:31.0371 6368 b57nd60a - ok
22:38:31.0387 6368 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:38:31.0433 6368 BDESVC - ok
22:38:31.0449 6368 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:38:31.0511 6368 Beep - ok
22:38:31.0558 6368 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:38:31.0636 6368 BFE - ok
22:38:31.0667 6368 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:38:31.0699 6368 BITS - ok
22:38:31.0714 6368 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:38:31.0714 6368 blbdrive - ok
22:38:31.0745 6368 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:38:31.0777 6368 bowser - ok
22:38:31.0792 6368 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:38:31.0823 6368 BrFiltLo - ok
22:38:31.0823 6368 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:38:31.0839 6368 BrFiltUp - ok
22:38:31.0870 6368 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:38:31.0886 6368 BridgeMP - ok
22:38:31.0917 6368 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:38:31.0917 6368 Browser - ok
22:38:31.0948 6368 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:38:31.0979 6368 Brserid - ok
22:38:31.0995 6368 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:38:32.0026 6368 BrSerWdm - ok
22:38:32.0026 6368 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:38:32.0073 6368 BrUsbMdm - ok
22:38:32.0089 6368 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:38:32.0104 6368 BrUsbSer - ok
22:38:32.0120 6368 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:38:32.0151 6368 BTHMODEM - ok
22:38:32.0182 6368 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:38:32.0245 6368 bthserv - ok
22:38:32.0260 6368 catchme - ok
22:38:32.0276 6368 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:38:32.0307 6368 cdfs - ok
22:38:32.0338 6368 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:38:32.0385 6368 cdrom - ok
22:38:32.0416 6368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:38:32.0463 6368 CertPropSvc - ok
22:38:32.0494 6368 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:38:32.0510 6368 circlass - ok
22:38:32.0525 6368 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:38:32.0541 6368 CLFS - ok
22:38:32.0635 6368 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:38:32.0666 6368 clr_optimization_v2.0.50727_32 - ok
22:38:32.0744 6368 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:38:32.0775 6368 clr_optimization_v2.0.50727_64 - ok
22:38:32.0822 6368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:38:32.0853 6368 clr_optimization_v4.0.30319_32 - ok
22:38:32.0853 6368 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:38:32.0869 6368 clr_optimization_v4.0.30319_64 - ok
22:38:32.0900 6368 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:38:32.0915 6368 CmBatt - ok
22:38:32.0931 6368 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:38:32.0947 6368 cmdide - ok
22:38:32.0978 6368 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:38:33.0009 6368 CNG - ok
22:38:33.0025 6368 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:38:33.0040 6368 Compbatt - ok
22:38:33.0071 6368 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:38:33.0118 6368 CompositeBus - ok
22:38:33.0118 6368 COMSysApp - ok
22:38:33.0149 6368 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:38:33.0165 6368 crcdisk - ok
22:38:33.0212 6368 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:38:33.0243 6368 CryptSvc - ok
22:38:33.0274 6368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:38:33.0321 6368 DcomLaunch - ok
22:38:33.0337 6368 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:38:33.0383 6368 defragsvc - ok
22:38:33.0415 6368 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:38:33.0477 6368 DfsC - ok
22:38:33.0508 6368 [ 867FA8B9E9E3078F68C4089904BBF4B0 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
22:38:33.0539 6368 dgderdrv - ok
22:38:33.0571 6368 [ 1F7BACA7D1DD1B3D73B4C3934148FAD3 ] dgdersvc C:\Windows\SysWOW64\dgdersvc.exe
22:38:33.0586 6368 dgdersvc - ok
22:38:33.0602 6368 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
22:38:33.0633 6368 dg_ssudbus - ok
22:38:33.0664 6368 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:38:33.0727 6368 Dhcp - ok
22:38:33.0758 6368 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:38:33.0789 6368 discache - ok
22:38:33.0805 6368 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:38:33.0805 6368 Disk - ok
22:38:33.0851 6368 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
22:38:33.0867 6368 DNE - ok
22:38:33.0898 6368 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:38:33.0961 6368 Dnscache - ok
22:38:33.0992 6368 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:38:34.0054 6368 dot3svc - ok
22:38:34.0085 6368 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:38:34.0163 6368 DPS - ok
22:38:34.0179 6368 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:38:34.0195 6368 drmkaud - ok
22:38:34.0257 6368 dtpd - ok
22:38:34.0319 6368 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:38:34.0351 6368 DXGKrnl - ok
22:38:34.0382 6368 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:38:34.0413 6368 EapHost - ok
22:38:34.0507 6368 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:38:34.0569 6368 ebdrv - ok
22:38:34.0600 6368 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:38:34.0600 6368 EFS - ok
22:38:34.0663 6368 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:38:34.0725 6368 ehRecvr - ok
22:38:34.0756 6368 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:38:34.0803 6368 ehSched - ok
22:38:34.0850 6368 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:38:34.0865 6368 elxstor - ok
22:38:34.0897 6368 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:38:34.0928 6368 ErrDev - ok
22:38:34.0959 6368 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:38:34.0990 6368 EventSystem - ok
22:38:35.0021 6368 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:38:35.0037 6368 exfat - ok
22:38:35.0053 6368 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:38:35.0099 6368 fastfat - ok
22:38:35.0131 6368 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:38:35.0177 6368 Fax - ok
22:38:35.0193 6368 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:38:35.0209 6368 fdc - ok
22:38:35.0240 6368 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:38:35.0271 6368 fdPHost - ok
22:38:35.0271 6368 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:38:35.0318 6368 FDResPub - ok
22:38:35.0349 6368 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:38:35.0349 6368 FileInfo - ok
22:38:35.0365 6368 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:38:35.0411 6368 Filetrace - ok
22:38:35.0427 6368 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:38:35.0443 6368 flpydisk - ok
22:38:35.0474 6368 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:38:35.0489 6368 FltMgr - ok
22:38:35.0536 6368 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:38:35.0552 6368 FontCache - ok
22:38:35.0614 6368 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:38:35.0630 6368 FontCache3.0.0.0 - ok
22:38:35.0661 6368 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:38:35.0677 6368 FsDepends - ok
22:38:35.0708 6368 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:38:35.0723 6368 Fs_Rec - ok
22:38:35.0755 6368 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:38:35.0770 6368 fvevol - ok
22:38:35.0801 6368 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:38:35.0801 6368 gagp30kx - ok
22:38:35.0864 6368 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
22:38:35.0895 6368 getPlusHelper - ok
22:38:35.0942 6368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:38:36.0004 6368 gpsvc - ok
22:38:36.0020 6368 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:38:36.0082 6368 hcw85cir - ok
22:38:36.0113 6368 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:38:36.0160 6368 HDAudBus - ok
22:38:36.0176 6368 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:38:36.0191 6368 HidBatt - ok
22:38:36.0223 6368 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:38:36.0254 6368 HidBth - ok
22:38:36.0269 6368 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:38:36.0285 6368 HidIr - ok
22:38:36.0301 6368 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:38:36.0347 6368 hidserv - ok
22:38:36.0379 6368 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:38:36.0394 6368 HidUsb - ok
22:38:36.0425 6368 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:38:36.0457 6368 hkmsvc - ok
22:38:36.0488 6368 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:38:36.0519 6368 HomeGroupListener - ok
22:38:36.0550 6368 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:38:36.0581 6368 HomeGroupProvider - ok
22:38:36.0613 6368 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:38:36.0613 6368 HpSAMD - ok
22:38:36.0659 6368 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:38:36.0737 6368 HTTP - ok
22:38:36.0769 6368 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:38:36.0769 6368 hwpolicy - ok
22:38:36.0800 6368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:38:36.0831 6368 i8042prt - ok
22:38:36.0847 6368 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:38:36.0878 6368 iaStorV - ok
22:38:36.0925 6368 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:38:36.0956 6368 idsvc - ok
22:38:36.0971 6368 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:38:36.0987 6368 iirsp - ok
22:38:36.0987 6368 iked - ok
22:38:37.0049 6368 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:38:37.0112 6368 IKEEXT - ok
22:38:37.0159 6368 [ EF75C94792187A143871FBB87611B0B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:38:37.0190 6368 IntcAzAudAddService - ok
22:38:37.0221 6368 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:38:37.0221 6368 intelide - ok
22:38:37.0252 6368 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:38:37.0268 6368 intelppm - ok
22:38:37.0346 6368 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
22:38:37.0377 6368 IntuitUpdateService - ok
22:38:37.0393 6368 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:38:37.0455 6368 IPBusEnum - ok
22:38:37.0486 6368 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:38:37.0549 6368 IpFilterDriver - ok
22:38:37.0580 6368 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:38:37.0627 6368 iphlpsvc - ok
22:38:37.0658 6368 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:38:37.0689 6368 IPMIDRV - ok
22:38:37.0705 6368 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:38:37.0751 6368 IPNAT - ok
22:38:37.0751 6368 ipsecd - ok
22:38:37.0767 6368 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:38:37.0798 6368 IRENUM - ok
22:38:37.0814 6368 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:38:37.0814 6368 isapnp - ok
22:38:37.0829 6368 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:38:37.0845 6368 iScsiPrt - ok
22:38:37.0923 6368 [ BF65E6D039AE37C988D5B2B680E7D718 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
22:38:37.0954 6368 ISWKL - ok
22:38:37.0985 6368 [ 99148599FE4D0A5CD7C7EB74ED5A63E4 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
22:38:38.0017 6368 IswSvc - ok
22:38:38.0032 6368 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:38:38.0032 6368 kbdclass - ok
22:38:38.0063 6368 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:38:38.0110 6368 kbdhid - ok
22:38:38.0126 6368 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:38:38.0141 6368 KeyIso - ok
22:38:38.0173 6368 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:38:38.0173 6368 KSecDD - ok
22:38:38.0219 6368 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:38:38.0251 6368 KSecPkg - ok
22:38:38.0266 6368 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:38:38.0313 6368 ksthunk - ok
22:38:38.0344 6368 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:38:38.0391 6368 KtmRm - ok
22:38:38.0422 6368 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:38:38.0469 6368 LanmanServer - ok
22:38:38.0500 6368 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:38:38.0547 6368 LanmanWorkstation - ok
22:38:38.0578 6368 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:38:38.0594 6368 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:38:38.0594 6368 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:38:38.0625 6368 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:38:38.0672 6368 lltdio - ok
22:38:38.0703 6368 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:38:38.0750 6368 lltdsvc - ok
22:38:38.0765 6368 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:38:38.0781 6368 lmhosts - ok
22:38:38.0875 6368 [ CC24EAD43A7B1B5E3F38AC6E9CF7FFF2 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
22:38:38.0921 6368 LMIGuardianSvc - ok
22:38:38.0921 6368 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
22:38:38.0937 6368 LMIInfo - ok
22:38:38.0953 6368 [ 49A09A7948529F694353F466C0DE7B8A ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
22:38:38.0968 6368 LMIMaint - ok
22:38:38.0968 6368 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
22:38:38.0984 6368 lmimirr - ok
22:38:38.0984 6368 LMIRfsClientNP - ok
22:38:38.0984 6368 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
22:38:38.0999 6368 LMIRfsDriver - ok
22:38:39.0031 6368 [ 5AAA4186E0558546AF5FAA8EADCA5E35 ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
22:38:39.0046 6368 LogMeIn - ok
22:38:39.0062 6368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:38:39.0077 6368 LSI_FC - ok
22:38:39.0093 6368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:38:39.0109 6368 LSI_SAS - ok
22:38:39.0124 6368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:38:39.0140 6368 LSI_SAS2 - ok
22:38:39.0155 6368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:38:39.0155 6368 LSI_SCSI - ok
22:38:39.0187 6368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:38:39.0218 6368 luafv - ok
22:38:39.0249 6368 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:38:39.0265 6368 Mcx2Svc - ok
22:38:39.0265 6368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:38:39.0280 6368 megasas - ok
22:38:39.0296 6368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:38:39.0311 6368 MegaSR - ok
22:38:39.0343 6368 Microsoft SharePoint Workspace Audit Service - ok
22:38:39.0358 6368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:38:39.0389 6368 MMCSS - ok
22:38:39.0421 6368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:38:39.0452 6368 Modem - ok
22:38:39.0483 6368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:38:39.0514 6368 monitor - ok
22:38:39.0530 6368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:38:39.0545 6368 mouclass - ok
22:38:39.0561 6368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:38:39.0592 6368 mouhid - ok
22:38:39.0623 6368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:38:39.0639 6368 mountmgr - ok
22:38:39.0701 6368 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:38:39.0733 6368 MozillaMaintenance - ok
22:38:39.0764 6368 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:38:39.0764 6368 mpio - ok
22:38:39.0795 6368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:38:39.0826 6368 mpsdrv - ok
22:38:39.0857 6368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:38:39.0904 6368 MpsSvc - ok
22:38:39.0951 6368 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:38:39.0967 6368 MRxDAV - ok
22:38:39.0998 6368 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:38:40.0045 6368 mrxsmb - ok
22:38:40.0076 6368 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:38:40.0091 6368 mrxsmb10 - ok
22:38:40.0107 6368 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:38:40.0123 6368 mrxsmb20 - ok
22:38:40.0169 6368 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:38:40.0201 6368 msahci - ok
22:38:40.0216 6368 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:38:40.0232 6368 msdsm - ok
22:38:40.0247 6368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:38:40.0263 6368 MSDTC - ok
22:38:40.0294 6368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:38:40.0310 6368 Msfs - ok
22:38:40.0325 6368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:38:40.0357 6368 mshidkmdf - ok
22:38:40.0388 6368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:38:40.0403 6368 msisadrv - ok
22:38:40.0419 6368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:38:40.0466 6368 MSiSCSI - ok
22:38:40.0466 6368 msiserver - ok
22:38:40.0481 6368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:38:40.0513 6368 MSKSSRV - ok
22:38:40.0528 6368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:38:40.0559 6368 MSPCLOCK - ok
22:38:40.0575 6368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:38:40.0622 6368 MSPQM - ok
22:38:40.0653 6368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:38:40.0669 6368 MsRPC - ok
22:38:40.0715 6368 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:38:40.0715 6368 mssmbios - ok
22:38:40.0731 6368 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:38:40.0762 6368 MSTEE - ok
22:38:40.0762 6368 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:38:40.0793 6368 MTConfig - ok
22:38:40.0809 6368 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:38:40.0825 6368 Mup - ok
22:38:40.0825 6368 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:38:40.0871 6368 napagent - ok
22:38:40.0887 6368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:38:40.0918 6368 NativeWifiP - ok
22:38:40.0965 6368 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:38:40.0996 6368 NDIS - ok
22:38:41.0012 6368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:38:41.0043 6368 NdisCap - ok
22:38:41.0043 6368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:38:41.0074 6368 NdisTapi - ok
22:38:41.0105 6368 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:38:41.0152 6368 Ndisuio - ok
22:38:41.0183 6368 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:38:41.0215 6368 NdisWan - ok
22:38:41.0246 6368 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:38:41.0308 6368 NDProxy - ok
22:38:41.0308 6368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:38:41.0355 6368 NetBIOS - ok
22:38:41.0386 6368 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:38:41.0464 6368 NetBT - ok
22:38:41.0464 6368 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:38:41.0480 6368 Netlogon - ok
22:38:41.0511 6368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:38:41.0542 6368 Netman - ok
22:38:41.0605 6368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:41.0636 6368 NetMsmqActivator - ok
22:38:41.0636 6368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:41.0651 6368 NetPipeActivator - ok
22:38:41.0698 6368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:38:41.0761 6368 netprofm - ok
22:38:41.0761 6368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:41.0761 6368 NetTcpActivator - ok
22:38:41.0776 6368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:41.0776 6368 NetTcpPortSharing - ok
22:38:41.0792 6368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:38:41.0807 6368 nfrd960 - ok
22:38:41.0839 6368 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:38:41.0917 6368 NlaSvc - ok
22:38:41.0932 6368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:38:41.0963 6368 Npfs - ok
22:38:41.0979 6368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:38:41.0995 6368 nsi - ok
22:38:42.0010 6368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:38:42.0057 6368 nsiproxy - ok
22:38:42.0119 6368 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:38:42.0166 6368 Ntfs - ok
22:38:42.0182 6368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:38:42.0213 6368 Null - ok
22:38:42.0431 6368 [ AC8CBE9A0663E88F6429EE5530D5E32B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:38:42.0603 6368 nvlddmkm - ok
22:38:42.0619 6368 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
22:38:42.0634 6368 NVNET - ok
22:38:42.0650 6368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:38:42.0665 6368 nvraid - ok
22:38:42.0697 6368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:38:42.0712 6368 nvstor - ok
22:38:42.0728 6368 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
22:38:42.0743 6368 nvstor64 - ok
22:38:42.0759 6368 [ B9CF28813A6F19DA9776A7E49C61CD6E ] nvsvc C:\Windows\system32\nvvsvc.exe
22:38:42.0775 6368 nvsvc - ok
22:38:42.0790 6368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:38:42.0806 6368 nv_agp - ok
22:38:42.0837 6368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:38:42.0853 6368 ohci1394 - ok
22:38:42.0899 6368 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:38:42.0915 6368 ose - ok
22:38:43.0071 6368 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:38:43.0133 6368 osppsvc - ok
22:38:43.0165 6368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:38:43.0196 6368 p2pimsvc - ok
22:38:43.0211 6368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:38:43.0227 6368 p2psvc - ok
22:38:43.0243 6368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:38:43.0289 6368 Parport - ok
22:38:43.0305 6368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:38:43.0321 6368 partmgr - ok
22:38:43.0336 6368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:38:43.0367 6368 PcaSvc - ok
22:38:43.0399 6368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:38:43.0414 6368 pci - ok
22:38:43.0414 6368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:38:43.0430 6368 pciide - ok
22:38:43.0445 6368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:38:43.0461 6368 pcmcia - ok
22:38:43.0477 6368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:38:43.0492 6368 pcw - ok
22:38:43.0508 6368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:38:43.0555 6368 PEAUTH - ok
22:38:43.0601 6368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:38:43.0617 6368 PerfHost - ok
22:38:43.0695 6368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:38:43.0742 6368 pla - ok
22:38:43.0789 6368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:38:43.0820 6368 PlugPlay - ok
22:38:43.0835 6368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:38:43.0851 6368 PNRPAutoReg - ok
22:38:43.0867 6368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:38:43.0882 6368 PNRPsvc - ok
22:38:43.0898 6368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:38:43.0945 6368 PolicyAgent - ok
22:38:43.0976 6368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:38:44.0007 6368 Power - ok
22:38:44.0038 6368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:38:44.0085 6368 PptpMiniport - ok
22:38:44.0116 6368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:38:44.0147 6368 Processor - ok
22:38:44.0163 6368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:38:44.0194 6368 ProfSvc - ok
22:38:44.0210 6368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:38:44.0225 6368 ProtectedStorage - ok
22:38:44.0257 6368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:38:44.0288 6368 Psched - ok
22:38:44.0319 6368 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:38:44.0319 6368 PxHlpa64 - ok
22:38:44.0366 6368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:38:44.0397 6368 ql2300 - ok
22:38:44.0413 6368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:38:44.0428 6368 ql40xx - ok
22:38:44.0459 6368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:38:44.0475 6368 QWAVE - ok
22:38:44.0491 6368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:38:44.0522 6368 QWAVEdrv - ok
22:38:44.0537 6368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:38:44.0569 6368 RasAcd - ok
22:38:44.0600 6368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:38:44.0615 6368 RasAgileVpn - ok
22:38:44.0631 6368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:38:44.0678 6368 RasAuto - ok
22:38:44.0709 6368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:38:44.0756 6368 Rasl2tp - ok
22:38:44.0771 6368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:38:44.0803 6368 RasMan - ok
22:38:44.0818 6368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:38:44.0849 6368 RasPppoe - ok
22:38:44.0865 6368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:38:44.0881 6368 RasSstp - ok
22:38:44.0896 6368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:38:44.0927 6368 rdbss - ok
22:38:44.0943 6368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:38:44.0959 6368 rdpbus - ok
22:38:44.0974 6368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:38:45.0005 6368 RDPCDD - ok
22:38:45.0021 6368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:38:45.0052 6368 RDPENCDD - ok
22:38:45.0068 6368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:38:45.0099 6368 RDPREFMP - ok
22:38:45.0130 6368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:38:45.0193 6368 RDPWD - ok
22:38:45.0224 6368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:38:45.0255 6368 rdyboost - ok
22:38:45.0286 6368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:38:45.0333 6368 RemoteAccess - ok
22:38:45.0364 6368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:38:45.0395 6368 RemoteRegistry - ok
22:38:45.0395 6368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:38:45.0442 6368 RpcEptMapper - ok
22:38:45.0458 6368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:38:45.0458 6368 RpcLocator - ok
22:38:45.0505 6368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
22:38:45.0536 6368 RpcSs - ok
22:38:45.0551 6368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:38:45.0598 6368 rspndr - ok
22:38:45.0614 6368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:38:45.0629 6368 SamSs - ok
22:38:45.0661 6368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:38:45.0676 6368 sbp2port - ok
22:38:45.0692 6368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:38:45.0723 6368 SCardSvr - ok
22:38:45.0754 6368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:38:45.0785 6368 scfilter - ok
22:38:45.0832 6368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:38:45.0863 6368 Schedule - ok
22:38:45.0895 6368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:38:45.0926 6368 SCPolicySvc - ok
22:38:45.0957 6368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:38:46.0004 6368 SDRSVC - ok
22:38:46.0035 6368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:38:46.0082 6368 secdrv - ok
22:38:46.0097 6368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:38:46.0113 6368 seclogon - ok
22:38:46.0144 6368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:38:46.0191 6368 SENS - ok
22:38:46.0207 6368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:38:46.0222 6368 SensrSvc - ok
22:38:46.0238 6368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:38:46.0269 6368 Serenum - ok
22:38:46.0316 6368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:38:46.0331 6368 Serial - ok
22:38:46.0363 6368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:38:46.0409 6368 sermouse - ok
22:38:46.0441 6368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:38:46.0487 6368 SessionEnv - ok
22:38:46.0519 6368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:38:46.0565 6368 sffdisk - ok
22:38:46.0581 6368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:38:46.0581 6368 sffp_mmc - ok
22:38:46.0597 6368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:38:46.0612 6368 sffp_sd - ok
22:38:46.0643 6368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:38:46.0643 6368 sfloppy - ok
22:38:46.0675 6368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:38:46.0706 6368 SharedAccess - ok
22:38:46.0737 6368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:38:46.0768 6368 ShellHWDetection - ok
22:38:46.0784 6368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:38:46.0799 6368 SiSRaid2 - ok
22:38:46.0815 6368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:38:46.0831 6368 SiSRaid4 - ok
22:38:46.0846 6368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:38:46.0893 6368 Smb - ok
22:38:46.0924 6368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:38:46.0940 6368 SNMPTRAP - ok
22:38:46.0955 6368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:38:46.0955 6368 spldr - ok
22:38:46.0987 6368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:38:47.0002 6368 Spooler - ok
22:38:47.0111 6368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:38:47.0205 6368 sppsvc - ok
22:38:47.0221 6368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:38:47.0252 6368 sppuinotify - ok
22:38:47.0283 6368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:38:47.0330 6368 srv - ok
22:38:47.0377 6368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:38:47.0408 6368 srv2 - ok
22:38:47.0439 6368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:38:47.0455 6368 srvnet - ok
22:38:47.0470 6368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:38:47.0501 6368 SSDPSRV - ok
22:38:47.0517 6368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:38:47.0533 6368 SstpSvc - ok
22:38:47.0564 6368 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
22:38:47.0611 6368 ssudmdm - ok
22:38:47.0626 6368 [ 29207B1D7FC5692C2FEACF5AAB5DC066 ] ssudnflt C:\Windows\system32\DRIVERS\ssudnflt.sys
22:38:47.0642 6368 ssudnflt - ok
22:38:47.0642 6368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:38:47.0657 6368 stexstor - ok
22:38:47.0704 6368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:38:47.0751 6368 stisvc - ok
22:38:47.0782 6368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:38:47.0782 6368 swenum - ok
22:38:47.0829 6368 [ BA41A448446FDF839A32E27A8DCB7C9D ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
22:38:47.0845 6368 SWGVCSvc - ok
22:38:47.0876 6368 [ 1E036F98E6C780DD7669F516E8BE0CEA ] SWIPsec C:\Windows\system32\Drivers\SWIPsec.sys
22:38:47.0891 6368 SWIPsec - ok
22:38:47.0969 6368 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:38:48.0016 6368 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:38:48.0016 6368 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
22:38:48.0047 6368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:38:48.0094 6368 swprv - ok
22:38:48.0125 6368 [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC C:\Windows\system32\DRIVERS\swvnic.sys
22:38:48.0125 6368 SWVNIC - ok
22:38:48.0172 6368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:38:48.0219 6368 SysMain - ok
22:38:48.0250 6368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:38:48.0266 6368 TabletInputService - ok
22:38:48.0297 6368 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
22:38:48.0328 6368 tap0901 - ok
22:38:48.0344 6368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:38:48.0375 6368 TapiSrv - ok
22:38:48.0391 6368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:38:48.0422 6368 TBS - ok
22:38:48.0469 6368 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:38:48.0500 6368 Tcpip - ok
22:38:48.0547 6368 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:38:48.0578 6368 TCPIP6 - ok
22:38:48.0609 6368 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:38:48.0656 6368 tcpipreg - ok
22:38:48.0687 6368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:38:48.0734 6368 TDPIPE - ok
22:38:48.0765 6368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:38:48.0781 6368 TDTCP - ok
22:38:48.0812 6368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:38:48.0843 6368 tdx - ok
22:38:48.0859 6368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:38:48.0859 6368 TermDD - ok
22:38:48.0905 6368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:38:48.0968 6368 TermService - ok
22:38:48.0999 6368 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
22:38:48.0999 6368 TFsExDisk - ok
22:38:49.0030 6368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:38:49.0046 6368 Themes - ok
22:38:49.0061 6368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:38:49.0093 6368 THREADORDER - ok
22:38:49.0108 6368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:38:49.0139 6368 TrkWks - ok
22:38:49.0186 6368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:38:49.0249 6368 TrustedInstaller - ok
22:38:49.0280 6368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:38:49.0342 6368 tssecsrv - ok
22:38:49.0373 6368 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:38:49.0389 6368 TsUsbFlt - ok
22:38:49.0436 6368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:38:49.0467 6368 tunnel - ok
22:38:49.0483 6368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:38:49.0498 6368 uagp35 - ok
22:38:49.0529 6368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:38:49.0561 6368 udfs - ok
22:38:49.0607 6368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:38:49.0623 6368 UI0Detect - ok
22:38:49.0639 6368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:38:49.0639 6368 uliagpkx - ok
22:38:49.0685 6368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:38:49.0701 6368 umbus - ok
22:38:49.0732 6368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:38:49.0748 6368 UmPass - ok
22:38:49.0779 6368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:38:49.0810 6368 upnphost - ok
22:38:49.0841 6368 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:38:49.0857 6368 USBAAPL64 - ok
22:38:49.0873 6368 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:38:49.0919 6368 usbccgp - ok
22:38:49.0951 6368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:38:49.0966 6368 usbcir - ok
22:38:49.0982 6368 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:38:49.0997 6368 usbehci - ok
22:38:50.0029 6368 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:38:50.0060 6368 usbhub - ok
22:38:50.0075 6368 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:38:50.0091 6368 usbohci - ok
22:38:50.0107 6368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:38:50.0122 6368 usbprint - ok
22:38:50.0153 6368 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:38:50.0185 6368 usbscan - ok
22:38:50.0200 6368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:38:50.0231 6368 USBSTOR - ok
22:38:50.0278 6368 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:38:50.0309 6368 usbuhci - ok
22:38:50.0341 6368 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
22:38:50.0356 6368 usb_rndisx - ok
22:38:50.0372 6368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:38:50.0419 6368 UxSms - ok
22:38:50.0434 6368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:38:50.0450 6368 VaultSvc - ok
22:38:50.0481 6368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:38:50.0497 6368 vdrvroot - ok
22:38:50.0528 6368 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:38:50.0575 6368 vds - ok
22:38:50.0606 6368 [ 70EB327D68D7CEC357B734B0BE5B4A21 ] vflt C:\Windows\system32\DRIVERS\vfilter.sys
22:38:50.0637 6368 vflt - ok
22:38:50.0653 6368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:38:50.0668 6368 vga - ok
22:38:50.0684 6368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:38:50.0731 6368 VgaSave - ok
22:38:50.0762 6368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:38:50.0777 6368 vhdmp - ok
22:38:50.0809 6368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:38:50.0809 6368 viaide - ok
22:38:50.0840 6368 [ 71BF90872B6A7B34A26F4794DDA7AEC3 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys
22:38:50.0887 6368 vnet - ok
22:38:50.0902 6368 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:38:50.0902 6368 volmgr - ok
22:38:50.0949 6368 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:38:50.0980 6368 volmgrx - ok
22:38:51.0027 6368 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:38:51.0043 6368 volsnap - ok
22:38:51.0074 6368 [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
22:38:51.0089 6368 Vsdatant - ok
22:38:51.0121 6368 vsmon - ok
22:38:51.0152 6368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:38:51.0183 6368 vsmraid - ok
22:38:51.0230 6368 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:38:51.0292 6368 VSS - ok
22:38:51.0323 6368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:38:51.0339 6368 vwifibus - ok
22:38:51.0355 6368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:38:51.0386 6368 W32Time - ok
22:38:51.0401 6368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:38:51.0417 6368 WacomPen - ok
22:38:51.0448 6368 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:38:51.0526 6368 WANARP - ok
22:38:51.0526 6368 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:38:51.0557 6368 Wanarpv6 - ok
22:38:51.0635 6368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:38:51.0682 6368 WatAdminSvc - ok
22:38:51.0760 6368 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:38:51.0854 6368 wbengine - ok
22:38:51.0869 6368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:38:51.0885 6368 WbioSrvc - ok
22:38:51.0932 6368 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:38:51.0979 6368 wcncsvc - ok
22:38:51.0994 6368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:38:52.0025 6368 WcsPlugInService - ok
22:38:52.0041 6368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:38:52.0057 6368 Wd - ok
22:38:52.0072 6368 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:38:52.0088 6368 Wdf01000 - ok
22:38:52.0103 6368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:38:52.0150 6368 WdiServiceHost - ok
22:38:52.0150 6368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:38:52.0166 6368 WdiSystemHost - ok
22:38:52.0213 6368 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:38:52.0259 6368 WebClient - ok
22:38:52.0291 6368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:38:52.0337 6368 Wecsvc - ok
22:38:52.0353 6368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:38:52.0384 6368 wercplsupport - ok
22:38:52.0384 6368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:38:52.0415 6368 WerSvc - ok
22:38:52.0431 6368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:38:52.0447 6368 WfpLwf - ok
22:38:52.0462 6368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:38:52.0478 6368 WIMMount - ok
22:38:52.0493 6368 WinDefend - ok
22:38:52.0493 6368 WinHttpAutoProxySvc - ok
22:38:52.0556 6368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:38:52.0618 6368 Winmgmt - ok
22:38:52.0696 6368 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:38:52.0759 6368 WinRM - ok
22:38:52.0805 6368 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:38:52.0805 6368 WinUsb - ok
22:38:52.0837 6368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:38:52.0868 6368 Wlansvc - ok
22:38:52.0868 6368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:38:52.0899 6368 WmiAcpi - ok
22:38:52.0930 6368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:38:52.0961 6368 wmiApSrv - ok
22:38:52.0977 6368 WMPNetworkSvc - ok
22:38:52.0977 6368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:38:52.0993 6368 WPCSvc - ok
22:38:53.0039 6368 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:38:53.0071 6368 WPDBusEnum - ok
22:38:53.0086 6368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:38:53.0133 6368 ws2ifsl - ok
22:38:53.0149 6368 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:38:53.0180 6368 wscsvc - ok
22:38:53.0180 6368 WSearch - ok
22:38:53.0273 6368 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:38:53.0336 6368 wuauserv - ok
22:38:53.0351 6368 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:38:53.0398 6368 WudfPf - ok
22:38:53.0429 6368 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:38:53.0492 6368 WUDFRd - ok
22:38:53.0523 6368 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:38:53.0554 6368 wudfsvc - ok
22:38:53.0570 6368 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:38:53.0601 6368 WwanSvc - ok
22:38:53.0617 6368 ================ Scan global ===============================
22:38:53.0632 6368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:38:53.0679 6368 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:38:53.0695 6368 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:38:53.0710 6368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:38:53.0726 6368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:38:53.0726 6368 [Global] - ok
22:38:53.0726 6368 ================ Scan MBR ==================================
22:38:53.0741 6368 [ 9C479F84F1B2F80F6886F2BC0C306F2E ] \Device\Harddisk0\DR0
22:38:54.0007 6368 \Device\Harddisk0\DR0 - ok
22:38:54.0007 6368 ================ Scan VBR ==================================
22:38:54.0022 6368 [ 103D677B09F8C37BDE4663BADCC817C9 ] \Device\Harddisk0\DR0\Partition1
22:38:54.0022 6368 \Device\Harddisk0\DR0\Partition1 - ok
22:38:54.0053 6368 [ C77A69A047FC4126BD62D316DB8B3D52 ] \Device\Harddisk0\DR0\Partition2
22:38:54.0053 6368 \Device\Harddisk0\DR0\Partition2 - ok
22:38:54.0069 6368 [ 9BC3EC1739A3CA7C1F93F261B743A54E ] \Device\Harddisk0\DR0\Partition3
22:38:54.0085 6368 \Device\Harddisk0\DR0\Partition3 - ok
22:38:54.0085 6368 ============================================================
22:38:54.0085 6368 Scan finished
22:38:54.0085 6368 ============================================================
22:38:54.0085 1228 Detected object count: 3
22:38:54.0085 1228 Actual detected object count: 3
22:39:07.0579 1228 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:39:07.0579 1228 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
22:39:07.0594 1228 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:07.0594 1228 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:39:07.0594 1228 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:39:07.0594 1228 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:39:17.0360 6996 Deinitialize success

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shane :: SHANE-PC [administrator]

9/20/2012 10:42:12 PM
mbam-log-2012-09-20 (22-42-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202957
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SFC scan did not find any integrity violations.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/09/2012 11:08:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/09/2012 6:06:20 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: SWIPsec

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/09/2012 11:09:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/09/2012 6:03:40 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-893593170-1733208149-1977151973-1001:
Process 1640 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-893593170-1733208149-1977151973-1001
Process 1640 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-893593170-1733208149-1977151973-1001\Software\CheckPoint\ISW\Stats

OTL logfile created on: 9/20/2012 11:10:33 PM - Run 2
OTL by OldTimer - Version 3.2.65.0 Folder = C:\Users\Shane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.56% Memory free
6.00 Gb Paging File | 4.43 Gb Available in Paging File | 73.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.79 Gb Total Space | 230.91 Gb Free Space | 50.66% Space Free | Partition Type: NTFS
Drive D: | 9.87 Gb Total Space | 1.47 Gb Free Space | 14.90% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/20 21:17:26 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
PRC - [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2012/03/15 15:02:19 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/12/16 19:28:20 | 002,955,496 | ---- | M] (AG Entertainment Inc) -- C:\Users\Shane\AppData\Local\Audiogalaxy\Audiogalaxy.exe
PRC - [2011/11/09 21:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 21:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/24 23:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Shane\Local Settings\Apps\F.lux\flux.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/13 09:26:01 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/14 11:19:04 | 000,780,288 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\tag.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/01 13:20:06 | 001,014,286 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\avcodec-52.dll
MOD - [2011/03/01 13:20:06 | 000,208,910 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\avformat-52.dll
MOD - [2011/03/01 13:20:06 | 000,082,958 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\avutil-50.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/18 16:28:42 | 000,558,133 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\sqlite3.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Shane\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/05/30 11:11:42 | 000,059,904 | ---- | M] () -- C:\Users\Shane\AppData\Local\Audiogalaxy\zlib1.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/11/03 07:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2009/11/15 11:31:04 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2009/11/15 11:28:44 | 000,948,224 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/11/15 11:26:26 | 000,690,688 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/05 23:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2012/09/13 09:26:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/15 15:02:19 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/17 18:10:12 | 003,313,752 | ---- | M] () [Disabled | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/11/09 21:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/16 18:50:06 | 000,120,712 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2010/09/16 18:50:00 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/31 11:31:10 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Start_Pending] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/24 23:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 21:51:24 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/11/03 07:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/07 18:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/17 22:40:06 | 000,019,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudnflt.sys -- (ssudnflt)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/16 18:50:24 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/05/24 23:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/24 23:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2009/11/18 17:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009/11/18 17:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009/08/13 04:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/05 23:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2009/03/04 18:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/05/24 23:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/05/24 23:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2AA4E381-EE6F-4C66-AA85-61286D7AB482}
IE:64bit: - HKLM\..\SearchScopes\{2AA4E381-EE6F-4C66-AA85-61286D7AB482}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {2AA4E381-EE6F-4C66-AA85-61286D7AB482}
IE - HKLM\..\SearchScopes\{2AA4E381-EE6F-4C66-AA85-61286D7AB482}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://advancedtx.com/
IE - HKCU\..\SearchScopes,DefaultScope = {2AA4E381-EE6F-4C66-AA85-61286D7AB482}
IE - HKCU\..\SearchScopes\{2AA4E381-EE6F-4C66-AA85-61286D7AB482}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.6.2
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.8
FF - prefs.js..extensions.enabledAddons: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledAddons: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.7
FF - prefs.js..extensions.enabledAddons: {7EE8902C-75BE-4286-A6CE-0C483607A322}:2.0.0
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledAddons: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.6.3
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4
FF - prefs.js..extensions.enabledAddons: {D21D77F3-C7A9-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/09 10:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 09:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/14 00:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/13 09:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/20 21:19:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D21D77F3-C7A9-11E1-8270-B8AC6F996F26}: C:\Users\Shane\AppData\Local\{D21D77F3-C7A9-11E1-8270-B8AC6F996F26}\ [2012/07/06 13:33:28 | 000,000,000 | ---D | M]

[2010/06/10 22:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Extensions
[2012/09/14 13:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions
[2012/01/05 10:03:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/03/22 13:32:00 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/08/02 14:56:04 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2010/06/10 23:09:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/05/21 17:09:02 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2012/07/18 04:36:42 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2011/08/11 09:08:32 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2011/08/04 10:05:10 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\[email protected]
[2011/07/17 11:14:32 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2011/08/16 18:45:02 | 000,059,893 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}.xpi
[2011/08/16 14:05:34 | 000,010,884 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{7EE8902C-75BE-4286-A6CE-0C483607A322}.xpi
[2012/06/03 17:22:07 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2011/09/06 19:31:28 | 000,004,550 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}.xpi
[2012/08/22 20:13:01 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/05/10 17:43:34 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2012/07/24 16:21:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/23 09:48:06 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/09/14 13:29:17 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\w2352h5m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/13 09:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/06 13:33:28 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\SHANE\APPDATA\LOCAL\{D21D77F3-C7A9-11E1-8270-B8AC6F996F26}
[2012/09/13 09:26:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/28 10:51:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/28 10:51:40 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Shane\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Shane\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: AVG Safe Search = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.7_0\
CHR - Extension: Gmail = C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/20 22:27:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Audiogalaxy] C:\Users\Shane\AppData\Local\Audiogalaxy\Audiogalaxy.exe (AG Entertainment Inc)
O4 - HKCU..\Run: [F.lux] C:\Users\Shane\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{154C2789-C10D-4BF8-A22D-621B67D7108F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99F55DF7-8C43-464C-A8A9-FA3F847467CB}: DhcpNameServer = 192.168.5.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe - (Hewlett-Packard Company)
MsConfig:64bit - StartUpFolder: C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GmoteServer.lnk - C:\Program Files (x86)\GmoteServer\GmoteServer.exe - ()
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: camint - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HP Remote Solution - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpsysdrv - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig:64bit - StartUpReg: PC-Doctor for Windows localizer - hkey= - key= - C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
MsConfig:64bit - StartUpReg: rdscs - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Spark - hkey= - key= - C:\Program Files (x86)\Spark\Spark.exe (Jive Software)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: atashost - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 23:02:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/20 22:41:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/20 22:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/20 22:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/20 22:40:41 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shane\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/20 22:35:55 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shane\Desktop\tdsskiller.exe
[2012/09/20 22:27:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/20 22:17:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/20 22:17:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/20 22:17:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/20 22:17:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/20 22:17:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/20 22:02:34 | 004,754,290 | R--- | C] (Swearware) -- C:\Users\Shane\Desktop\ComboFix.exe
[2012/09/20 21:25:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Shane\Desktop\aswMBR.exe
[2012/09/20 21:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/20 21:17:23 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
[2012/09/20 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\Shane\Desktop\t_files
[2012/09/14 22:15:57 | 000,000,000 | ---D | C] -- C:\Users\Shane\Desktop\VPNetMon_W7_2012
[2012/09/14 21:51:29 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/09/14 21:51:29 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IPVanish.com
[2012/09/13 09:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/11 21:15:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rndismpx.sys
[2012/09/11 21:15:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/11 21:15:52 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/11 21:15:51 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/11 21:15:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/01/11 14:48:23 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_635.exe
[2011/11/10 13:09:19 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_626.exe
[2011/04/12 16:24:58 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_540.exe
[2010/06/17 14:09:16 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_533.exe
[2010/06/16 09:02:39 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_438.exe
[2010/06/14 09:22:11 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Shane\gotomypc_437.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/20 23:13:26 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 23:13:26 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 23:07:24 | 000,061,440 | ---- | M] ( ) -- C:\Users\Shane\Desktop\VEW.exe
[2012/09/20 23:04:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/20 23:04:40 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 23:01:56 | 004,009,167 | ---- | M] () -- C:\Users\Shane\Desktop\ServicesRepair.exe
[2012/09/20 22:40:45 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shane\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/20 22:36:00 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shane\Desktop\tdsskiller.exe
[2012/09/20 22:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-893593170-1733208149-1977151973-1001UA.job
[2012/09/20 22:27:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 22:02:49 | 004,754,290 | R--- | M] (Swearware) -- C:\Users\Shane\Desktop\ComboFix.exe
[2012/09/20 22:00:21 | 000,000,512 | ---- | M] () -- C:\Users\Shane\Desktop\MBR.dat
[2012/09/20 21:25:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Shane\Desktop\aswMBR.exe
[2012/09/20 21:17:26 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
[2012/09/20 21:15:05 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/20 21:15:05 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/20 21:11:11 | 000,166,437 | ---- | M] () -- C:\Users\Shane\Desktop\t.htm
[2012/09/20 17:01:29 | 000,002,058 | -H-- | M] () -- C:\Users\Shane\Documents\Default.rdp
[2012/09/20 09:31:44 | 095,346,364 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/20 06:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-893593170-1733208149-1977151973-1001Core.job
[2012/09/19 21:02:31 | 000,000,573 | ---- | M] () -- C:\Users\Shane\Desktop\OFC COMP.ahk
[2012/09/19 17:24:06 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/19 17:24:06 | 000,663,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/19 17:24:06 | 000,122,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/18 11:12:25 | 002,905,684 | ---- | M] () -- C:\Users\Shane\Desktop\Rafter - No F_cking Around (Kinetics & One Love Remix).mp3
[2012/09/17 18:16:26 | 000,424,138 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/14 21:51:29 | 000,000,326 | ---- | M] () -- C:\Users\Shane\Desktop\IPVanish.appref-ms
[2012/09/14 21:51:29 | 000,000,326 | ---- | M] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\IPVanish.appref-ms
[2012/09/14 21:51:24 | 000,031,232 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/09/13 09:31:52 | 000,002,010 | ---- | M] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/31 10:00:47 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/08/22 11:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 11:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 23:07:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Shane\Desktop\VEW.exe
[2012/09/20 23:01:40 | 004,009,167 | ---- | C] () -- C:\Users\Shane\Desktop\ServicesRepair.exe
[2012/09/20 22:17:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/20 22:17:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/20 22:17:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/20 22:17:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/20 22:17:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/20 22:00:21 | 000,000,512 | ---- | C] () -- C:\Users\Shane\Desktop\MBR.dat
[2012/09/20 21:11:09 | 000,166,437 | ---- | C] () -- C:\Users\Shane\Desktop\t.htm
[2012/09/19 21:19:05 | 000,000,573 | ---- | C] () -- C:\Users\Shane\Desktop\OFC COMP.ahk
[2012/09/18 11:12:19 | 002,905,684 | ---- | C] () -- C:\Users\Shane\Desktop\Rafter - No F_cking Around (Kinetics & One Love Remix).mp3
[2012/09/14 21:51:32 | 000,000,326 | ---- | C] () -- C:\Users\Shane\Desktop\IPVanish.appref-ms
[2012/09/14 21:51:32 | 000,000,326 | ---- | C] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\IPVanish.appref-ms
[2012/06/10 17:49:29 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/28 08:42:09 | 000,003,584 | ---- | C] () -- C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 16:00:02 | 000,000,132 | ---- | C] () -- C:\Users\Shane\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/19 12:29:48 | 000,000,132 | ---- | C] () -- C:\Users\Shane\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/05/19 12:05:21 | 000,000,132 | ---- | C] () -- C:\Users\Shane\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/06/12 20:49:33 | 000,000,089 | ---- | C] () -- C:\Users\Shane\userdic.tlx

========== ZeroAccess Check ==========

[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerFedFormset\010.000.4012_msp\v1\N
[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerFedFormset\010.000.4012_msp\v1\N\en-US
[2011/04/07 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerFedFormset\010.000.4227_msp\v1\N
[2011/04/07 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerFedFormset\010.000.4227_msp\v1\N\en-US
[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerReleaseEngine\010.000.0457_msp\v1\N
[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerReleaseEngine\010.000.0457_msp\v1\N\en-US
[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerTaxSupport\010.000.0213_msp\v1\N
[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerTaxSupport\010.000.0213_msp\v1\N\en-US
[2011/04/07 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerTaxSupport\010.000.0214_msp\v1\N
[2011/04/07 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-WinPerTaxSupport\010.000.0214_msp\v1\N\en-US
[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-wrapper\010.000.0157_msp\v1\N
[2011/03/31 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intuit\Common\Update Service\v2\Data\a525e00b6609442e9dcd64453c233e8d\C\C-wrapper\010.000.0157_msp\v1\N\en-US
[2010/08/15 15:27:11 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\LocalLow\Microsoft\Silverlight\is\kmlnwxa5.dcs\evqt30qx.r4q\1\l
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST350041 8AS SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 456.00GB
Starting Offset: 105906176
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 489503588352
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/06/10 17:55:56 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Adobe
[2011/05/18 10:49:06 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Adobe Mini Bridge CS5
[2012/03/06 10:46:32 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Amazon
[2012/01/13 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Apple Computer
[2012/06/29 21:29:51 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Audacity
[2010/10/20 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\AVG10
[2011/11/14 00:38:57 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\CheckPoint
[2010/10/04 15:29:16 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\CyberLink
[2012/04/07 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\DivX
[2010/08/05 12:02:48 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\DroidExplorer
[2011/12/13 10:06:36 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Gmote
[2010/06/11 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Hewlett-Packard
[2010/06/11 19:06:15 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\hpqLog
[2011/07/11 15:02:31 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\ICAClient
[2010/06/10 20:15:48 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Identities
[2012/03/06 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\InfraRecorder
[2011/03/31 20:30:33 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Intuit
[2010/06/10 20:17:10 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Macromedia
[2012/07/17 10:56:54 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Malwarebytes
[2009/07/14 00:44:38 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Media Center Programs
[2012/08/17 13:37:29 | 000,000,000 | --SD | M] -- C:\Users\Shane\AppData\Roaming\Microsoft
[2010/08/18 16:37:53 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Mozilla
[2012/06/29 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\NCH Software
[2010/06/14 10:36:25 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\NCH Swift Sound
[2012/01/19 12:17:24 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Nero
[2012/06/10 17:49:19 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\NVIDIA
[2012/06/10 17:49:29 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\PACE Anti-Piracy
[2010/06/10 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\PictureMover
[2012/09/17 09:14:45 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\PrimoPDF
[2010/08/04 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Samsung
[2011/05/02 12:07:25 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\SonicWALL
[2011/05/18 10:49:06 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/20 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\uTorrent
[2012/02/07 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\webex

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/10/05 23:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/05 23:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/05 23:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/05 22:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 06:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/20 06:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 06:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 06:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SysNative\nlaapi.dll
[2010/11/20 06:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2009/07/13 18:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/13 09:26:01 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/13 09:26:01 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/13 09:26:01 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Shane\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Shane\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Shane\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Shane\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/05 19:30:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/05 19:30:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/05 19:30:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/09/13 09:26:01 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/09/13 09:26:01 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/09/13 09:26:01 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/09/13 09:26:01 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\SHANE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\SHANE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\SHANE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\SHANE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/05 19:30:50 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/05 19:30:50 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/05 19:30:50 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 18:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL Extras logfile created on: 9/20/2012 11:10:33 PM - Run 2
OTL by OldTimer - Version 3.2.65.0 Folder = C:\Users\Shane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.56% Memory free
6.00 Gb Paging File | 4.43 Gb Available in Paging File | 73.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.79 Gb Total Space | 230.91 Gb Free Space | 50.66% Space Free | Partition Type: NTFS
Drive D: | 9.87 Gb Total Space | 1.47 Gb Free Space | 14.90% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE9E18-FB36-478B-B780-BE561A779B38}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{13705CC8-DEF9-4EDF-AFF3-E9B29A8814AB}" = lport=63397 | protocol=6 | dir=in | name=akamai netsession interface |
"{239B51C4-52F6-413C-804E-7A988645083F}" = rport=139 | protocol=6 | dir=out | app=system |
"{29164AA2-0017-41B0-AE86-C108F2D69B12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E08C4F1-7734-457B-B81F-B396AE0BAD0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FAC4193-4C2C-49D3-9013-645114A04632}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{314ABE41-1810-468E-910B-B3DE91EA0ED7}" = lport=138 | protocol=17 | dir=in | app=system |
"{3A54D9A7-068A-4F5E-BA2A-CA4FFAE11C3B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{3B793CBA-972D-48D4-B435-3A8BC04458EF}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{411E0330-9E6A-4589-B509-FC5CA8E16600}" = lport=2869 | protocol=6 | dir=in | app=system |
"{417E89CA-E9A2-4588-87DB-A14C7B390AEA}" = rport=137 | protocol=17 | dir=out | app=system |
"{45BE99E9-4FE6-4BB4-920B-A86E8844BD33}" = lport=49431 | protocol=6 | dir=in | name=akamai netsession interface |
"{45DC12F7-930D-46FA-951E-4F8A602A85F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46DFCEF0-482A-4F32-BDA2-0530211AFC8D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{47757B93-CF51-4D49-AD42-82E7BD61BECB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48CD827C-8F47-49ED-96B9-4B2F403657BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B0FE258-BC16-4A20-B3BB-51F294E40D5E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57806EF9-1269-400E-9169-7B13A558D153}" = rport=138 | protocol=17 | dir=out | app=system |
"{5809647F-7023-40CA-9262-C35507B9B4A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5FB7243D-846F-4BA4-85E1-4E7B84C764AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{601D5C7F-9743-4205-9224-46ABD9FA4F5B}" = rport=137 | protocol=17 | dir=out | app=system |
"{68D33805-000E-4F55-A5FA-63490EB8E550}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71E7D733-C7F3-440A-826A-7974BFE1876A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7B15E1C1-B1AF-4E4B-89E0-E2733634002F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B18428F-63C6-4E1C-81E2-008BC4F1423D}" = rport=138 | protocol=17 | dir=out | app=system |
"{80C0F5BF-DC80-4270-832A-C2D482929CCC}" = lport=138 | protocol=17 | dir=in | app=system |
"{85D2505E-7D75-4A13-9637-FB613FC312C0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8C6E3168-D75D-4FAD-BAE1-BC5345AA0ADC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8D67C485-1A2F-4AB8-A93D-75C85E90322F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DC51FE7-B5DE-47BD-9FAC-3CAB516147DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F34C882-1FCF-4A7B-9332-658DB78C0EED}" = lport=445 | protocol=6 | dir=in | app=system |
"{9C345E6F-C5D3-4683-AAE5-77236B44F5A0}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F3A0063-200C-483B-AE57-35ACE6A93FA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A112C893-F38B-4F95-8C0D-4D16298A7B6C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A412712D-53CC-4E6F-9F8C-A3F873AD9836}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAA3C4C9-3B87-4AD2-BF7A-05739E213BF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B795D4AB-4FB6-41CB-90CC-121FBD1A48FB}" = lport=137 | protocol=17 | dir=in | app=system |
"{BD64A843-62DA-4200-A3EA-58B9AC650827}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8C8081D-232E-478E-B6D3-2039D4923E02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE187FCA-326B-424F-94A5-D6F55CFC6EFA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D5757FA8-D25B-46F5-8D96-BFC49650A7BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{D58BBCB9-49CE-44FE-A81D-51AF19312904}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0FFF629-EF26-45F4-BE8D-39A0BEAA89F0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FB56E2B8-E656-4584-8A7E-38559B382DEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{FCD82EF2-BBAD-46FD-8D4E-622962CA07B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC9C67F-433D-4E7F-8768-167D5B5922FB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{0FE23F03-5DC3-46A1-808F-CE96E069E714}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{13C7BE97-CEAD-42C3-9CB2-9B96D6A87E24}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1DDBC005-5567-437B-8F9E-6BF3C2C661D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{1DEA8465-FD97-484D-A096-962B591A58A6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1E0C4B6F-6B13-46D6-A463-47C8CD851187}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{1EE9D1E2-9724-4935-B681-6135F97F9CD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22783464-CD75-4D79-BA15-FC2A951FA201}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25C0DB8E-AB37-405E-BAF0-491C8C0358AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{290A0E47-153E-4DF6-AD4F-FEA60537B6D7}" = protocol=1 | dir=out | [email protected],-28544 |
"{29B1D67A-E601-4A30-98B2-29BCD37992DD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{2CFBAC55-9504-43A5-AEB8-4A9DD6EA0A51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{2E0899E9-4AD9-49FC-9DC3-4AF7BFF510AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{2E0CEC4C-4204-44A5-8F55-C3311B80C29D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{32F13905-B1D9-46A2-8C09-C782E202B0E8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{34191576-6139-4BCC-9957-38CB7AF9D313}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34DEE1A3-D376-4648-8B4D-A107E765B494}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37E1D78A-35E1-4AE3-84D6-5ACFB988F3E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3DA393B8-257E-4579-8EB1-F3859DCEAB68}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{43B3A04F-C25D-4A63-B925-88D3455F2437}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4EE6DCF3-CA14-49B6-9782-BD0C950309D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51257B4E-FFEF-49F3-9A6E-D6F3B4A23C58}" = protocol=1 | dir=out | [email protected],-28544 |
"{556F8F14-5F14-4794-BA38-4DBF89D01B71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{573931C6-F454-4B23-AC18-FA0A6968FA0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{58B49A69-FA12-4082-9D81-E4CFBFD6C511}" = protocol=6 | dir=out | app=system |
"{5A1BA332-C122-4ED3-8612-699ADC3E824E}" = protocol=58 | dir=in | [email protected],-28545 |
"{64C0C261-F24F-47DF-8CAA-8938F7F581D2}" = protocol=58 | dir=out | [email protected],-28546 |
"{6A6C09FE-B1EF-47C5-8CCC-0AAA66A5D62D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{7991F9B5-1CB1-4F9B-9224-E366E2ED9860}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{79EAD437-0C0F-41E2-ADB3-5962C54653BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC024D1-229C-4E20-AF61-7BFF36F54E63}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{8186FAE3-B92B-452F-8C53-9349A1C4E7D9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{869E95E8-75FC-4092-84AC-D52401D44780}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{8765C04B-7B89-4EEB-808A-2B32B3605C48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90F02906-0074-4877-87AD-FED2D06E5160}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92FCEE67-DC4F-4356-809A-EB51ECCDD3B7}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{9D7492D6-DC45-4980-879E-119B9CE8F5D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0304872-33B5-4DDB-95B3-45E01004F771}" = protocol=1 | dir=in | [email protected],-28543 |
"{A5CAB3E0-23BE-4355-97AF-57B3158EB0B8}" = protocol=58 | dir=in | [email protected],-28545 |
"{A6504B35-9A29-445A-A914-C975F1995E54}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{A6765390-C38D-4DCE-AB69-748473EED353}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{AD00522A-F612-42F8-BD2C-B305CEB55E39}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{B5052542-A8AC-4114-9B9F-F25E391359B8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{BEF153A2-96C2-4884-93FF-362DB597E227}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C67343FC-AB85-484C-BB9B-22E0769DD849}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C866234B-94BB-44A3-88B7-B30B400E5FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C8F591B5-2574-4095-BEDA-91449BC5E3A5}" = protocol=58 | dir=out | [email protected],-28546 |
"{C90D37A0-A201-40B7-B7D5-3FCB08D43326}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{CB82EFD1-4A05-4DC1-B8EF-E1F3E5FD421C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{CEE92D30-4AB3-4C69-AB63-7FC89B278EC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D068BE68-67E7-4EA4-83FC-411CFB3EF5F1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DC66ABD5-3A63-4C52-9170-F179B4D3A430}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DE05D6C6-A803-4EF2-AEE5-832E46BA28ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFB3576B-5151-4A1D-96E8-7C9EF40BAF1E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F3B49E80-0C70-4D6A-9F22-5BCF8787EA08}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{F46AD926-EA55-4C1F-BF9D-059ECF2FBCC3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F7D58802-FBD4-4F83-A8D6-1A8B045B0E35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FACC927A-7A1C-4BE9-881D-2DAF420F56F8}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{25BF84AE-8A9B-4350-A570-1736CC20B7C8}C:\program files (x86)\spark\spark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spark\spark.exe |
"TCP Query User{4F734278-999C-4095-B42A-B2B9A92F5C1C}C:\users\shane\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\shane\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A0F4C0EF-7C1A-44F9-9C78-731B277792C9}C:\program files (x86)\spark\spark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spark\spark.exe |
"TCP Query User{D3B6105C-B017-4D3D-B857-4DB025C12E30}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{0B6C4CC3-462B-4FAD-A034-5E497573C0C5}C:\program files (x86)\spark\spark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spark\spark.exe |
"UDP Query User{1E5E989E-2E01-4373-805B-81887C1F2EEF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{B2853911-EAFD-4B8D-9305-EF6A1E335CC9}C:\program files (x86)\spark\spark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spark\spark.exe |
"UDP Query User{D5A751D6-2061-4C5E-95C3-BAC7D7E61622}C:\users\shane\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\shane\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{122CFA16-E9CF-488D-9D4E-60D81F619724}" = AVG 2011
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0914-000001000000}" = 7-Zip 9.14 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}" = HP Deskjet 2050 J510 series Basic Device Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}" = SonicWALL Global VPN Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21 (64-bit)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{902DCF72-EB95-4154-A81B-81000969927E}" = AVG 2011
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2720566F-51F4-4581-BC78-8BBF1D34986F}" = WebEx One-Click Meeting
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E33E2A-4F19-4DBC-B0BE-E165DFC9DFD8}" = FreeDocumentViewer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7962FC39-62AF-4FFC-8F6A-7A01341C9659}" = LogMeIn
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E82097B9-A3B8-404A-9A92-AC16A8AC9576}" = Adobe After Effects CS5.5
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA4FFFE4-0517-46AC-A19B-A8013985F766}" = Microsoft Live Search Toolbar
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38A7704-2D05-4F7D-B64A-1C716C77EAC2}" = AIO Captivate Toolbox
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"AC3Filter_is1" = AC3Filter 1.63b
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AutoHotkey" = AutoHotkey 1.0.48.05
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Setup.divx.com" = DivX Setup
"EADM" = EA Download Manager
"Express" = Express Dictate
"HaaliMkx" = Haali Media Splitter
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PS3 Media Server" = PS3 Media Server
"RocketDock_is1" = RocketDock 1.3.5
"Scribe" = Express Scribe
"Spark 2.5.8" = Spark 2.5.8
"ToneGen" = NCH Tone Generator
"TurboTax 2010" = TurboTax 2010
"UltraISO_is1" = UltraISO Premium V9.52
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm Free" = ZoneAlarm Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"80030f8e66f1b450" = IPVanish
"Akamai" = Akamai NetSession Interface
"Audiogalaxy" = Audiogalaxy
"Flux" = F.lux
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 6/11/2010 9:56:17 PM | Computer Name = Shane-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ System Events ]
Error - 9/21/2012 2:06:20 AM | Computer Name = Shane-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SWIPsec

< End of report >

Farbar Service Scanner Version: 19-09-2012
Ran by Shane (administrator) on 20-09-2012 at 23:25:53
Running from "C:\Users\Shane\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#4
RKinner

Posted 21 September 2012 - 01:30 AM

Malware Expert

Expert
24,625 posts

Are you still getting redirected?

#5
JimmiesRustled

Posted 21 September 2012 - 10:07 AM

New Member

Topic Starter
Member
4 posts

Unfortunately, yes. I just clicked a CNet link from Google and was taken to a website called batteriesandbutter first.

#6
RKinner

Posted 21 September 2012 - 11:03 AM

Malware Expert

Expert
24,625 posts

Try running Firefox in Safe Mode. http://support.mozil...using-safe-mode

This will temporarily turn off all of your add-0ns. You have too many for me to go through them. See if you still get redirected.

If that stops it then one of the add-ons is at fault. Go back in and turn on a few at a time until you find the culprit.

If that doesn't help then how do you connect to the internet? Is there a separate DSL or Cable modem and also a router? Are you using wireless or wired? IF wireless are you using encryption? WEP or WPA/WPA2?

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

netsh  -c  interface  dump  >  \junk.txt

Attach the file c:\junk.txt to your next post.

#7
JimmiesRustled

Posted 21 September 2012 - 11:34 AM

New Member

Topic Starter
Member
4 posts

You might be on to something with the Firefox extensions. I've been running FF in safe mode for a little while now and have yet to been redirected. I'm going to test this out for a bit more, and if I still don't get redirected then I'll go through and uninstall all my extensions and slowly add just the most important ones back one by one, and try to pin down the problem.