Edited by biggy c, 27 March 2013 - 05:39 PM.
svchost (LocalService) downloading files continuously to C: drive
Started by biggy c, Mar 27 2013 05:37 PM
#1
Posted 27 March 2013 - 05:37 PM
#2
Posted 28 March 2013 - 10:30 AM
Go into Safe Mode with Networking:
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)
In IE, Tools, Internet Options then hit the Delete button under Browsing History. Uncheck anything you want to keep like Passwords and Cookies then Delete. (Usually takes a while to do its thing.) Now under Browsing History click on Settings. Then change where it says: Disk Space to Use ... to 50 then OK.
Also in IE, Tools, Manage Addons. Click on each currently loaded add-on under Toolbars and Extensions and Disable. Close IE.
Do Disk Cleanup. Do not let it compress your drive.
Disk Cleanup in XP:
http://support.microsoft.com/kb/310312
Disk Cleanup in Vista/Win 7:
http://windows.micro...ng-disk-cleanup
Now see if you can get OTL to run.
#3
Posted 28 March 2013 - 08:12 PM
I actually started deleting C:/Windows/System32/config/systemprofile/AppData/Local before your post. It took some hours, but it was successful save a couple files (index.dat and others). After that I ran OTL and it was successful. Here's the log:
OTL logfile created on: 3/28/2013 9:39:18 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 25.75% Memory free
7.25 Gb Paging File | 4.37 Gb Available in Paging File | 60.31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 26.20 Gb Free Space | 32.74% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 15.36 Gb Free Space | 3.98% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 440.20 Gb Free Space | 23.63% Space Free | Partition Type: NTFS
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/03/15 17:29:12 | 001,632,680 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\steam.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/09/19 20:38:54 | 002,686,976 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.127\deploy\LoLLauncher.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/11/11 00:24:57 | 001,294,336 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2010/09/08 17:56:04 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- G:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.254\deploy\LolClient.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0510Mon.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/15 17:29:10 | 000,990,120 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/14 21:19:02 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/12 17:10:10 | 000,649,216 | ---- | M] () -- D:\Program Files\Steam\sdl2.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/09/19 20:38:54 | 002,686,976 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.127\deploy\LoLLauncher.exe
MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd
MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll
MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd
MOD - [2012/02/13 12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd
MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd
MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd
MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd
MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd
MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd
MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll
MOD - [2011/11/11 00:24:57 | 001,294,336 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- D:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2013/03/25 16:56:45 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/09 17:01:38 | 000,062,720 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\200429017a5e0442.sys -- (200429017a5e0442)
SRV - [2013/02/09 17:00:36 | 000,200,704 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}\syshost.exe -- (syshost32)
SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2013/02/09 17:01:38 | 000,062,720 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\200429017a5e0442.sys -- (200429017a5e0442)
DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/06 14:21:39 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\utqymjgy.sys -- (utqymjgy)
DRV - [2010/07/04 16:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Drivers\vmm.sys -- (vmm)
DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 15:18:53 | 000,245,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/11/02 15:15:59 | 000,258,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vpchbus.sys -- (vpcbus)
DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vpcusb.sys -- (vpcusb)
DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vm3dmp.sys -- (vm3dmp)
DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 22:19:11 | 000,297,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 22:19:11 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/13 22:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,159,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 22:19:10 | 000,053,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp)
DRV - [2009/07/13 22:19:10 | 000,053,312 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,032,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:17:06 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 20:55:02 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2009/07/13 20:55:02 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (WANARP)
DRV - [2009/07/13 20:55:02 | 000,016,384 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 20:53:51 | 000,009,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 20:52:02 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 20:51:31 | 000,075,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2009/07/13 20:51:23 | 000,080,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2009/07/13 20:51:19 | 000,074,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/07/13 20:51:18 | 000,086,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2009/07/13 20:51:14 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2009/07/13 20:51:14 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/07/13 20:51:10 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2009/07/13 20:50:45 | 000,132,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2009/07/13 20:50:17 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2009/07/13 20:46:53 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 20:25:51 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 20:25:49 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2009/07/13 20:19:17 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 20:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/19 07:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\V0510Vid.sys -- (V0510Dev)
DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma)
DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}: "URL" = http://www.dealio.co...d={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/16 21:44:16 | 000,000,000 | ---D | M]
[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O1 HOSTS File: ([2013/03/28 21:37:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2013/03/02 14:12:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Perforce
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/28 21:13:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/28 12:13:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 00:10:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/03/26 07:42:16 | 000,730,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/26 07:42:16 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/03/26 07:42:16 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/03/26 07:42:15 | 000,151,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/26 07:05:02 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 07:05:01 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 07:49:42 | 000,002,100 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel
[2013/02/27 01:25:06 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- C:\procmon.chm
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2013/02/09 17:01:38 | 000,062,720 | ---- | C] () -- C:\Windows\System32\drivers\200429017a5e0442.sys
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/06/25 19:32:06 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\tap0901t.sys
[2012/06/14 11:00:28 | 000,196,064 | ---- | C] () -- C:\Windows\System32\drivers\windrvr6.sys
[2012/06/13 17:04:09 | 000,073,032 | ---- | C] () -- C:\Windows\System32\drivers\ftser2k.sys
[2012/06/13 17:04:09 | 000,060,104 | ---- | C] () -- C:\Windows\System32\drivers\ftdibus.sys
[2012/05/31 23:19:44 | 011,354,944 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/15 19:43:52 | 000,044,784 | ---- | C] () -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/03/08 23:54:29 | 003,921,448 | ---- | C] () -- C:\Windows\System32\drivers\RTKVHDA.sys
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/01/13 23:06:14 | 000,361,032 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/13 23:06:14 | 000,054,232 | ---- | C] () -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/13 23:06:14 | 000,021,256 | ---- | C] () -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/13 23:06:13 | 000,738,504 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,047,616 | ---- | C] () -- C:\Windows\System32\drivers\Haspnt.sys
[2011/06/14 14:26:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\haspvdd.dll
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/06/14 14:26:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2011/06/14 14:26:16 | 000,049,664 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2011/06/14 14:26:16 | 000,018,432 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
[2011/06/14 14:26:13 | 000,020,032 | R--- | C] () -- C:\Windows\System32\drivers\SNTNLUSB.SYS
[2011/06/14 14:26:12 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2011/06/14 00:40:18 | 000,693,760 | ---- | C] () -- C:\Windows\System32\drivers\hardlock.sys
[2011/06/02 19:26:39 | 000,714,526 | ---- | C] () -- C:\Windows\unins001.exe
[2011/06/02 19:26:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/02 19:26:39 | 000,001,799 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/20 16:16:37 | 000,728,448 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011/05/20 16:16:37 | 000,219,008 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/05/20 16:16:37 | 000,107,520 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2011/05/20 00:07:56 | 000,274,706 | ---- | C] () -- \gohei.jpg
[2011/05/18 21:51:29 | 000,602,112 | ---- | C] () -- \OTL.exe
[2011/05/02 21:38:04 | 000,525,419 | ---- | C] () -- \remii.png
[2011/05/02 16:26:22 | 003,289,689 | ---- | C] () -- \goheilol.png
[2011/04/29 23:52:57 | 001,614,444 | ---- | C] () -- \flashlight.png
[2011/04/28 20:20:15 | 000,739,966 | ---- | C] () -- \gohei.png
[2011/04/23 19:07:52 | 007,618,784 | ---- | C] () -- \gohei.FBX
[2011/04/08 21:36:15 | 001,057,198 | ---- | C] () -- \lawl2.png
[2011/04/07 19:03:18 | 001,942,616 | ---- | C] () -- \lawl.png
[2011/04/01 16:41:42 | 000,407,023 | ---- | C] () -- \Amnesia.png
[2011/03/11 20:46:20 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\server.properties
[2011/03/07 08:15:58 | 000,038,578 | ---- | C] () -- \Threshold1.png
[2011/02/27 17:43:42 | 000,086,827 | ---- | C] () -- \Threshold.png
[2011/01/16 22:21:30 | 000,264,748 | ---- | C] () -- \lot.png
[2011/01/10 10:12:32 | 000,231,555 | ---- | C] () -- \ctca.png
[2011/01/09 17:10:47 | 000,369,097 | ---- | C] () -- \ctcc.png
[2011/01/09 17:09:15 | 000,316,054 | ---- | C] () -- \ctcmenu.png
[2011/01/09 00:21:36 | 000,601,401 | ---- | C] () -- \CtC.png
[2010/12/24 16:41:35 | 000,698,352 | ---- | C] () -- \FL Studio Error.png
[2010/12/10 23:10:23 | 000,000,622 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] () -- \東方幻奏箱.mp3.sfk
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] () -- \東方幻奏箱.mp3
[2010/07/25 23:46:44 | 000,000,038 | ---- | C] () -- C:\Users\Administrator\wxLuaIDE.ini
[2010/06/06 22:47:19 | 000,777,747 | ---- | C] () -- \LOL.jpg
[2010/06/06 01:07:12 | 031,056,033 | ---- | C] () -- \unpacked_ehsvc_18.05.idb
[2010/06/03 16:54:06 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\photorec.cfg
[2010/06/01 14:59:38 | 000,004,243 | ---- | C] () -- \lala.3ds
[2010/05/20 01:24:00 | 006,430,386 | ---- | C] () -- \AirRivals.atm
[2010/05/19 01:43:56 | 004,286,360 | ---- | C] () -- \AirRivals_HackShield_[1.0.0.39].exe
[2010/05/18 23:41:11 | 000,149,142 | ---- | C] () -- C:\Users\Administrator\unstoppable.gif
[2010/05/08 11:13:37 | 000,000,232 | ---- | C] () -- C:\Users\Administrator\SciTE.session
[2010/05/08 01:27:39 | 000,072,268 | ---- | C] () -- \procexp.chm
[2010/05/08 00:32:25 | 003,879,288 | ---- | C] () -- \procexp.exe
[2010/05/07 23:10:17 | 000,046,017 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies1.pdf
[2010/05/07 23:09:46 | 000,054,707 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies.pdf
[2010/05/07 23:08:40 | 000,000,111 | ---- | C] () -- C:\Users\Administrator\tracegf4d.cmd
[2010/05/07 23:08:27 | 000,014,162 | ---- | C] () -- C:\Users\Administrator\mouseclicks.gif
[2010/05/07 22:58:39 | 040,009,077 | ---- | C] () -- C:\Users\Administrator\e10howto.mov
[2010/05/07 22:58:30 | 000,041,360 | ---- | C] () -- C:\Users\Administrator\Bosses.pdf
[2010/05/07 22:58:08 | 000,012,782 | ---- | C] () -- C:\Users\Administrator\AR enchanting.pdf
[2010/05/07 19:03:28 | 000,560,034 | ---- | C] () -- \meohgawd.jpg
[2010/04/28 01:27:00 | 000,263,768 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3.sfk
[2010/04/28 01:26:38 | 003,061,583 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3
[2010/04/28 01:16:28 | 000,706,652 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.wav
[2010/04/28 01:11:56 | 000,013,848 | ---- | C] () -- \Vlan.sfk
[2010/04/28 01:08:51 | 001,764,044 | ---- | C] () -- \Vlan.wav
[2010/04/28 01:07:12 | 000,008,128 | ---- | C] () -- \Vlanlol.mp3.sfk
[2010/04/28 01:06:41 | 000,093,648 | ---- | C] () -- \Vlanlol.mp3
[2010/04/28 00:43:31 | 000,131,683 | ---- | C] () -- \Vlan.mp3
[2010/04/28 00:16:01 | 006,502,641 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.mp3
[2010/04/19 23:31:57 | 000,029,696 | ---- | C] () -- \SpaceCowboy.exe
[2010/04/12 20:31:13 | 003,360,841 | ---- | C] () -- \Akon ft. Eminem- Smack That Instrumental.mp3
[2010/04/08 01:54:04 | 000,413,439 | RHS- | C] () -- \TLZYV
[2010/03/10 12:07:14 | 004,981,269 | ---- | C] () -- \Tsukasa - K Lobelia.mp3
[2010/03/04 15:51:11 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 10:36:48 | 000,181,408 | ---- | C] () -- \grldr.bak
[2010/02/24 19:59:04 | 000,171,136 | RHS- | C] () -- \w7ldr
[2010/02/06 15:15:25 | 001,863,094 | ---- | C] () -- \vidtomp3.com-12654804966508.mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] () -- \EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] () -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/01/31 19:44:06 | 000,003,532 | ---- | C] () -- \drmHeader.bin
[2010/01/25 23:28:12 | 002,356,278 | ---- | C] () -- \Dune_Desktop_Wallpaper_Emma_Alvarez.bmp
[2010/01/25 23:28:12 | 001,006,660 | ---- | C] () -- \Jumping Onto White Base.mp3
[2010/01/25 23:28:12 | 000,001,096 | -H-- | C] () -- \IPH.PH
[2010/01/25 23:28:00 | 000,000,000 | R--- | C] () -- \logwmemory.bin
[2010/01/25 23:27:59 | 009,881,451 | ---- | C] () -- \Lostep - Burma.mp3
[2010/01/25 23:27:59 | 005,897,430 | ---- | C] () -- \musicc.mp3
[2010/01/25 23:27:58 | 006,926,535 | ---- | C] () -- \Oliver Smith - Nimbus.mp3
[2010/01/25 23:27:58 | 000,136,272 | ---- | C] () -- \N604217500_1213762_5186.jpg
[2010/01/25 23:27:58 | 000,059,302 | ---- | C] () -- \northern-lights-back.jpg
[2010/01/25 23:27:56 | 000,011,772 | ---- | C] () -- \rawrme.JPG
[2010/01/25 23:27:52 | 014,979,377 | ---- | C] () -- \Yes_-_Awaken.mp3
[2010/01/25 23:27:52 | 008,259,216 | ---- | C] () -- \Wings_of_tomorow.exe
[2010/01/25 23:27:52 | 002,518,622 | ---- | C] () -- \The Tale You Were In (Full Version).mp3
[2010/01/25 23:27:52 | 002,178,968 | ---- | C] () -- \vidtomp3.com-12641138434152.mp3
[2010/01/25 23:27:52 | 000,325,072 | ---- | C] () -- \Untitled5.jpg
[2010/01/25 23:27:52 | 000,182,379 | ---- | C] () -- \Untitled.jpg
[2010/01/25 23:27:52 | 000,105,343 | ---- | C] () -- \Transcript.jpg
[2010/01/25 23:27:52 | 000,095,479 | ---- | C] () -- \SSD531352.jpg
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata04.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata03.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata02.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata01.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2010/01/25 23:27:49 | 006,089,919 | ---- | C] () -- \Calm_Waters__Dire_Dire_Docks_remix_.mp3
[2010/01/25 23:27:49 | 004,943,319 | ---- | C] () -- \BT - Remember (Phrakture's Unofficial Remix).mp3
[2010/01/25 17:20:12 | 000,000,020 | RHS- | C] () -- \win7.ld
[2010/01/25 15:21:33 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/09/26 15:05:15 | 000,383,582 | RHS- | C] () -- \bootmgr.bak
[2008/09/26 15:05:15 | 000,383,562 | RHS- | C] () -- \bootmgr
========== ZeroAccess Check ==========
[2013/02/09 17:00:46 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\@
[2013/02/09 17:00:46 | 000,048,640 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n
[2013/02/09 17:00:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L
[2013/03/08 06:28:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U
[2013/02/15 14:37:16 | 000,000,928 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\00000001.@
[2013/02/09 17:00:50 | 000,011,776 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\80000000.@
[2013/03/08 06:28:19 | 000,021,504 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\800000cb.@
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n. -- File not found
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n. -- [2013/02/09 17:00:46 | 000,048,640 | -HS- | M] ()
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
========== Purity Check ==========
< End of report >

OTL logfile created on: 3/28/2013 9:39:18 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 25.75% Memory free
7.25 Gb Paging File | 4.37 Gb Available in Paging File | 60.31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 26.20 Gb Free Space | 32.74% Space Free | Partition Type: NTFS
Drive D: | 385.76 Gb Total Space | 15.36 Gb Free Space | 3.98% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 440.20 Gb Free Space | 23.63% Space Free | Partition Type: NTFS
Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2013/03/15 17:29:12 | 001,632,680 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\steam.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/09/19 20:38:54 | 002,686,976 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.127\deploy\LoLLauncher.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/11/11 00:24:57 | 001,294,336 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2010/09/08 17:56:04 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- G:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.254\deploy\LolClient.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0510Mon.exe
PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe
PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/15 17:29:10 | 000,990,120 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/03/14 21:19:02 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll
MOD - [2013/03/12 17:10:10 | 000,649,216 | ---- | M] () -- D:\Program Files\Steam\sdl2.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/09/19 20:38:54 | 002,686,976 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.127\deploy\LoLLauncher.exe
MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd
MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd
MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd
MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll
MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd
MOD - [2012/02/13 12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd
MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd
MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd
MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd
MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd
MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd
MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll
MOD - [2011/11/11 00:24:57 | 001,294,336 | ---- | M] () -- G:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- D:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2013/03/25 16:56:45 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/03/15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/09 17:01:38 | 000,062,720 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\200429017a5e0442.sys -- (200429017a5e0442)
SRV - [2013/02/09 17:00:36 | 000,200,704 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}\syshost.exe -- (syshost32)
SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2013/02/09 17:01:38 | 000,062,720 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\200429017a5e0442.sys -- (200429017a5e0442)
DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/11/06 14:21:39 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\utqymjgy.sys -- (utqymjgy)
DRV - [2010/07/04 16:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Drivers\vmm.sys -- (vmm)
DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/02 15:18:53 | 000,245,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/11/02 15:15:59 | 000,258,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vpchbus.sys -- (vpcbus)
DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vpcusb.sys -- (vpcusb)
DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vmmouse.sys -- (vmmouse)
DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vm3dmp.sys -- (vm3dmp)
DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup)
DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2009/07/13 22:19:11 | 000,297,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 22:19:11 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/13 22:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:19:10 | 000,159,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 22:19:10 | 000,053,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp)
DRV - [2009/07/13 22:19:10 | 000,053,312 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:19:10 | 000,032,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:17:06 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 20:55:02 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2009/07/13 20:55:02 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (WANARP)
DRV - [2009/07/13 20:55:02 | 000,016,384 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 20:53:51 | 000,009,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 20:52:02 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 20:51:31 | 000,075,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2009/07/13 20:51:23 | 000,080,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2009/07/13 20:51:19 | 000,074,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/07/13 20:51:18 | 000,086,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2009/07/13 20:51:14 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2009/07/13 20:51:14 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2009/07/13 20:51:10 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2009/07/13 20:50:45 | 000,132,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2009/07/13 20:50:17 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2009/07/13 20:46:53 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 20:25:51 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 20:25:49 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2009/07/13 20:19:17 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 20:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/19 07:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\V0510Vid.sys -- (V0510Dev)
DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma)
DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1)
DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\V0510Vfx.sys -- (V0510Vfx)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp)
DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}: "URL" = http://www.dealio.co...d={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/16 21:44:16 | 000,000,000 | ---D | M]
[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O1 HOSTS File: ([2013/03/28 21:37:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2013/03/02 14:12:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Perforce
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/28 21:13:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/28 12:13:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 00:10:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2013/03/26 07:42:16 | 000,730,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/26 07:42:16 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/03/26 07:42:16 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/03/26 07:42:15 | 000,151,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/26 07:05:02 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 07:05:01 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 07:49:42 | 000,002,100 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel
[2013/02/27 01:25:06 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- C:\procmon.chm
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2013/02/09 17:01:38 | 000,062,720 | ---- | C] () -- C:\Windows\System32\drivers\200429017a5e0442.sys
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/06/25 19:32:06 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\tap0901t.sys
[2012/06/14 11:00:28 | 000,196,064 | ---- | C] () -- C:\Windows\System32\drivers\windrvr6.sys
[2012/06/13 17:04:09 | 000,073,032 | ---- | C] () -- C:\Windows\System32\drivers\ftser2k.sys
[2012/06/13 17:04:09 | 000,060,104 | ---- | C] () -- C:\Windows\System32\drivers\ftdibus.sys
[2012/05/31 23:19:44 | 011,354,944 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/15 19:43:52 | 000,044,784 | ---- | C] () -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/03/08 23:54:29 | 003,921,448 | ---- | C] () -- C:\Windows\System32\drivers\RTKVHDA.sys
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/01/13 23:06:14 | 000,361,032 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/13 23:06:14 | 000,054,232 | ---- | C] () -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/13 23:06:14 | 000,021,256 | ---- | C] () -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/13 23:06:13 | 000,738,504 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,047,616 | ---- | C] () -- C:\Windows\System32\drivers\Haspnt.sys
[2011/06/14 14:26:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\haspvdd.dll
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/06/14 14:26:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2011/06/14 14:26:16 | 000,049,664 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2011/06/14 14:26:16 | 000,018,432 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
[2011/06/14 14:26:13 | 000,020,032 | R--- | C] () -- C:\Windows\System32\drivers\SNTNLUSB.SYS
[2011/06/14 14:26:12 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2011/06/14 00:40:18 | 000,693,760 | ---- | C] () -- C:\Windows\System32\drivers\hardlock.sys
[2011/06/02 19:26:39 | 000,714,526 | ---- | C] () -- C:\Windows\unins001.exe
[2011/06/02 19:26:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/02 19:26:39 | 000,001,799 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/20 16:16:37 | 000,728,448 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011/05/20 16:16:37 | 000,219,008 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/05/20 16:16:37 | 000,107,520 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2011/05/20 00:07:56 | 000,274,706 | ---- | C] () -- \gohei.jpg
[2011/05/18 21:51:29 | 000,602,112 | ---- | C] () -- \OTL.exe
[2011/05/02 21:38:04 | 000,525,419 | ---- | C] () -- \remii.png
[2011/05/02 16:26:22 | 003,289,689 | ---- | C] () -- \goheilol.png
[2011/04/29 23:52:57 | 001,614,444 | ---- | C] () -- \flashlight.png
[2011/04/28 20:20:15 | 000,739,966 | ---- | C] () -- \gohei.png
[2011/04/23 19:07:52 | 007,618,784 | ---- | C] () -- \gohei.FBX
[2011/04/08 21:36:15 | 001,057,198 | ---- | C] () -- \lawl2.png
[2011/04/07 19:03:18 | 001,942,616 | ---- | C] () -- \lawl.png
[2011/04/01 16:41:42 | 000,407,023 | ---- | C] () -- \Amnesia.png
[2011/03/11 20:46:20 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\server.properties
[2011/03/07 08:15:58 | 000,038,578 | ---- | C] () -- \Threshold1.png
[2011/02/27 17:43:42 | 000,086,827 | ---- | C] () -- \Threshold.png
[2011/01/16 22:21:30 | 000,264,748 | ---- | C] () -- \lot.png
[2011/01/10 10:12:32 | 000,231,555 | ---- | C] () -- \ctca.png
[2011/01/09 17:10:47 | 000,369,097 | ---- | C] () -- \ctcc.png
[2011/01/09 17:09:15 | 000,316,054 | ---- | C] () -- \ctcmenu.png
[2011/01/09 00:21:36 | 000,601,401 | ---- | C] () -- \CtC.png
[2010/12/24 16:41:35 | 000,698,352 | ---- | C] () -- \FL Studio Error.png
[2010/12/10 23:10:23 | 000,000,622 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/10/30 19:36:07 | 000,221,216 | ---- | C] () -- \東方幻奏箱.mp3.sfk
[2010/10/30 15:13:40 | 002,567,549 | ---- | C] () -- \東方幻奏箱.mp3
[2010/07/25 23:46:44 | 000,000,038 | ---- | C] () -- C:\Users\Administrator\wxLuaIDE.ini
[2010/06/06 22:47:19 | 000,777,747 | ---- | C] () -- \LOL.jpg
[2010/06/06 01:07:12 | 031,056,033 | ---- | C] () -- \unpacked_ehsvc_18.05.idb
[2010/06/03 16:54:06 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\photorec.cfg
[2010/06/01 14:59:38 | 000,004,243 | ---- | C] () -- \lala.3ds
[2010/05/20 01:24:00 | 006,430,386 | ---- | C] () -- \AirRivals.atm
[2010/05/19 01:43:56 | 004,286,360 | ---- | C] () -- \AirRivals_HackShield_[1.0.0.39].exe
[2010/05/18 23:41:11 | 000,149,142 | ---- | C] () -- C:\Users\Administrator\unstoppable.gif
[2010/05/08 11:13:37 | 000,000,232 | ---- | C] () -- C:\Users\Administrator\SciTE.session
[2010/05/08 01:27:39 | 000,072,268 | ---- | C] () -- \procexp.chm
[2010/05/08 00:32:25 | 003,879,288 | ---- | C] () -- \procexp.exe
[2010/05/07 23:10:17 | 000,046,017 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies1.pdf
[2010/05/07 23:09:46 | 000,054,707 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies.pdf
[2010/05/07 23:08:40 | 000,000,111 | ---- | C] () -- C:\Users\Administrator\tracegf4d.cmd
[2010/05/07 23:08:27 | 000,014,162 | ---- | C] () -- C:\Users\Administrator\mouseclicks.gif
[2010/05/07 22:58:39 | 040,009,077 | ---- | C] () -- C:\Users\Administrator\e10howto.mov
[2010/05/07 22:58:30 | 000,041,360 | ---- | C] () -- C:\Users\Administrator\Bosses.pdf
[2010/05/07 22:58:08 | 000,012,782 | ---- | C] () -- C:\Users\Administrator\AR enchanting.pdf
[2010/05/07 19:03:28 | 000,560,034 | ---- | C] () -- \meohgawd.jpg
[2010/04/28 01:27:00 | 000,263,768 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3.sfk
[2010/04/28 01:26:38 | 003,061,583 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3
[2010/04/28 01:16:28 | 000,706,652 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.wav
[2010/04/28 01:11:56 | 000,013,848 | ---- | C] () -- \Vlan.sfk
[2010/04/28 01:08:51 | 001,764,044 | ---- | C] () -- \Vlan.wav
[2010/04/28 01:07:12 | 000,008,128 | ---- | C] () -- \Vlanlol.mp3.sfk
[2010/04/28 01:06:41 | 000,093,648 | ---- | C] () -- \Vlanlol.mp3
[2010/04/28 00:43:31 | 000,131,683 | ---- | C] () -- \Vlan.mp3
[2010/04/28 00:16:01 | 006,502,641 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.mp3
[2010/04/19 23:31:57 | 000,029,696 | ---- | C] () -- \SpaceCowboy.exe
[2010/04/12 20:31:13 | 003,360,841 | ---- | C] () -- \Akon ft. Eminem- Smack That Instrumental.mp3
[2010/04/08 01:54:04 | 000,413,439 | RHS- | C] () -- \TLZYV
[2010/03/10 12:07:14 | 004,981,269 | ---- | C] () -- \Tsukasa - K Lobelia.mp3
[2010/03/04 15:51:11 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 10:36:48 | 000,181,408 | ---- | C] () -- \grldr.bak
[2010/02/24 19:59:04 | 000,171,136 | RHS- | C] () -- \w7ldr
[2010/02/06 15:15:25 | 001,863,094 | ---- | C] () -- \vidtomp3.com-12654804966508.mp3
[2010/02/06 15:14:18 | 005,570,592 | ---- | C] () -- \EastNewSound 悖徳数列組曲(x≒y).mp3
[2010/02/06 15:09:15 | 004,729,658 | ---- | C] () -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3
[2010/01/31 19:44:06 | 000,003,532 | ---- | C] () -- \drmHeader.bin
[2010/01/25 23:28:12 | 002,356,278 | ---- | C] () -- \Dune_Desktop_Wallpaper_Emma_Alvarez.bmp
[2010/01/25 23:28:12 | 001,006,660 | ---- | C] () -- \Jumping Onto White Base.mp3
[2010/01/25 23:28:12 | 000,001,096 | -H-- | C] () -- \IPH.PH
[2010/01/25 23:28:00 | 000,000,000 | R--- | C] () -- \logwmemory.bin
[2010/01/25 23:27:59 | 009,881,451 | ---- | C] () -- \Lostep - Burma.mp3
[2010/01/25 23:27:59 | 005,897,430 | ---- | C] () -- \musicc.mp3
[2010/01/25 23:27:58 | 006,926,535 | ---- | C] () -- \Oliver Smith - Nimbus.mp3
[2010/01/25 23:27:58 | 000,136,272 | ---- | C] () -- \N604217500_1213762_5186.jpg
[2010/01/25 23:27:58 | 000,059,302 | ---- | C] () -- \northern-lights-back.jpg
[2010/01/25 23:27:56 | 000,011,772 | ---- | C] () -- \rawrme.JPG
[2010/01/25 23:27:52 | 014,979,377 | ---- | C] () -- \Yes_-_Awaken.mp3
[2010/01/25 23:27:52 | 008,259,216 | ---- | C] () -- \Wings_of_tomorow.exe
[2010/01/25 23:27:52 | 002,518,622 | ---- | C] () -- \The Tale You Were In (Full Version).mp3
[2010/01/25 23:27:52 | 002,178,968 | ---- | C] () -- \vidtomp3.com-12641138434152.mp3
[2010/01/25 23:27:52 | 000,325,072 | ---- | C] () -- \Untitled5.jpg
[2010/01/25 23:27:52 | 000,182,379 | ---- | C] () -- \Untitled.jpg
[2010/01/25 23:27:52 | 000,105,343 | ---- | C] () -- \Transcript.jpg
[2010/01/25 23:27:52 | 000,095,479 | ---- | C] () -- \SSD531352.jpg
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata04.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata03.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata02.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata01.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2010/01/25 23:27:49 | 006,089,919 | ---- | C] () -- \Calm_Waters__Dire_Dire_Docks_remix_.mp3
[2010/01/25 23:27:49 | 004,943,319 | ---- | C] () -- \BT - Remember (Phrakture's Unofficial Remix).mp3
[2010/01/25 17:20:12 | 000,000,020 | RHS- | C] () -- \win7.ld
[2010/01/25 15:21:33 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/09/26 15:05:15 | 000,383,582 | RHS- | C] () -- \bootmgr.bak
[2008/09/26 15:05:15 | 000,383,562 | RHS- | C] () -- \bootmgr
========== ZeroAccess Check ==========
[2013/02/09 17:00:46 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\@
[2013/02/09 17:00:46 | 000,048,640 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n
[2013/02/09 17:00:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L
[2013/03/08 06:28:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U
[2013/02/15 14:37:16 | 000,000,928 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\00000001.@
[2013/02/09 17:00:50 | 000,011,776 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\80000000.@
[2013/03/08 06:28:19 | 000,021,504 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U\800000cb.@
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n. -- File not found
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\n. -- [2013/02/09 17:00:46 | 000,048,640 | -HS- | M] ()
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
========== Purity Check ==========
< End of report >
#4
Posted 28 March 2013 - 08:45 PM
Looks like Zero Access and some friends.
Copy the text in the code box by highlighting and Ctrl + c,
then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03282013-some number.log so look there if you don't see it.
Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click save log. Save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.
ComboFix
:!: It must be saved to your desktop; do not run it from your browser. :!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Right-click on ComboFix and select Run As Administrator to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.
If TDSSKiller alerts you that the system needs to reboot, please consent.
Run TDSSKiller again but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free
SAVE Malwarebytes' Anti-Malware to your desktop.
* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
Download the adwCleaner
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
(Does this complain that it could not fix all of your files?)
Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.
If it doesn't do it for you:
Reboot.
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.
Copy the text in the code box:
Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
Select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
Copy the text in the code box by highlighting and Ctrl + c
:OTL
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}: "URL" = http://www.dealio.co...d={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found
:files
sc stop Akamai /c
sc delete Akamai /c
c:\program files\common files\akamai/netsession_win_ca0e279.dll
sc stop syshost32 /c
sc delete syshost32 /c
C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}
sc stop 200429017a5e0442 /c
sc delete 200429017a5e0442 /c
C:\Windows\System32\drivers\200429017a5e0442.sys
200429017a5e0442
sfc /scanfile=C:\Windows\System32\drivers\umpass.sys
sc stop utqymjgy /c
sc delete utqymjgy /c
C:\Windows\System32\Drivers\utqymjgy.sys
C:\$RECYCLE.BIN\S-1-5-18
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all, then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03282013-some number.log so look there if you don't see it.
Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click save log. Save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.
ComboFix
It must be saved to your desktop; do not run it from your browser.
Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Right-click on ComboFix and select Run As Administrator to start the program.
* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.
If TDSSKiller alerts you that the system needs to reboot, please consent.
Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.
Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free
SAVE Malwarebytes' Anti-Malware to your desktop.
* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
Download the adwCleaner
- Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the option - Select the Delete button.
- When the scan completes, it will open a Notepad window.
- Please copy the content of this file into your next reply.
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow
(Does this complain that it could not fix all of your files?)
Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and choose Clear Log, Clear. Repeat for Application.
If it doesn't do it for you:
Reboot.
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.
Copy the text in the code box:
DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
Select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
#5
Posted 30 March 2013 - 12:26 PM
When running the OTL fix, a prompt comes up when doing delete Akamai: "Cannot create file C:\\cmd.bat." The program doesn't hang after clicking ok, but it seems to try to delete Akamai indefinitely. What should I do to fix this?
#6
Posted 30 March 2013 - 03:15 PM
My fault. I left off the /c on the first two commands. I did an edit on the post and fixed it so try it again.
#7
Posted 31 March 2013 - 06:04 AM
Unfortunately it's still erroring with the same message, at the same place as last time. I double checked that the sc commands for Akamai (and the other sc commands) have /c on the end and they all do.
#8
Posted 31 March 2013 - 08:26 AM
OK Try it without the akamai.
:OTL
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}: "URL" = http://www.dealio.co...d={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - Reg Error: Value error. File not found
:files
c:\program files\common files\akamai/netsession_win_ca0e279.dll
sc stop syshost32 /c
sc delete syshost32 /c
C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454}
sc stop 200429017a5e0442 /c
sc delete 200429017a5e0442 /c
C:\Windows\System32\drivers\200429017a5e0442.sys 200429017a5e0442
sfc /scanfile=C:\Windows\System32\drivers\umpass.sys
sc stop utqymjgy /c
sc delete utqymjgy /c
C:\Windows\System32\Drivers\utqymjgy.sys
C:\$RECYCLE.BIN\S-1-5-18
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
#9
Posted 02 April 2013 - 03:34 PM
Any of the /c commands keep giving the same error; I've looked around but I'm not sure how to fix it. Is it because C:\\ is an invalid address?
#10
Posted 02 April 2013 - 06:07 PM
Not sure why the /c commands aren't working. They should work. Could be the malware is fighting them. Just leave them out.
#11
Posted 09 April 2013 - 08:31 AM
Here's the first OTL log:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7F55892-C8F6-4418-B838-E3554BB14BBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7F55892-C8F6-4418-B838-E3554BB14BBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:{DLL_Str} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC654325-1273-C2A9-2B7C-45D29BCE68FB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC654325-1273-C2A9-2B7C-45D29BCE68FB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC654325-1273-C2A9-2B7C-45D29BCE68FD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC654325-1273-C2A9-2B7C-45D29BCE68FD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC654325-1273-C2A9-2B7C-45D29BCE68FF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC654325-1273-C2A9-2B7C-45D29BCE68FF}\ not found.
========== FILES ==========
Invalid Switch: netsession_win_ca0e279.dll
File\Folder C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454} not found.
File\Folder C:\Windows\System32\drivers\200429017a5e0442.sys 200429017a5e0442 not found.
Invalid Switch: scanfile=C:\Windows\System32\drivers\umpass.sys
File move failed. C:\Windows\System32\Drivers\utqymjgy.sys scheduled to be moved on reboot.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\U folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4\L folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$6de1a95143337ffdd7495b20c85643f4 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18 folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: %username%
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: %username%
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04092013_110838
Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\Drivers\utqymjgy.sys not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
When I tried scanning with aswMBR, it just said "Scan error, incorrect parameter." Should I just skip this part?
Edited by biggy c, 09 April 2013 - 08:32 AM.
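An added example, not part of the original thread and not OTL's own code: a Python sketch that classifies the entries of the fix log posted above, whether they are pasted one per line or run together, and lists the ones a reviewer still has to resolve. The status names, the function names and the reading of "not found!" as a post-reboot result are assumptions drawn from this one log.

```python
import re
from collections import Counter

# Entry kinds seen in the fix log above. The status names are this example's
# own labels (assumptions), not OTL terminology.
RULES = [
    ("invalid_switch", re.compile(r"Invalid Switch: (?P<target>\S+)")),
    ("pending_reboot", re.compile(
        r"File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.")),
    ("not_found", re.compile(
        r"(?:Registry (?:key|value)|File\\Folder|File) (?P<target>.+?)"
        r" not found(?P<mark>[.!])")),
    ("done", re.compile(
        r"Registry (?:key|value) (?P<target>.+?) deleted successfully\.")),
    ("done", re.compile(
        r"(?P<target>[A-Za-z]:\\.+?) (?:folder|file) moved successfully\.")),
]


def parse_entries(log_text):
    """Split a fix log into (status, target) pairs.

    Whitespace is normalised first, so a log flattened onto one line parses
    the same as one with an entry per line. At each position the rule whose
    match starts earliest (and, on a tie, ends earliest) wins, which keeps a
    rule from swallowing the entries that follow it.
    """
    text = " ".join(log_text.split())
    entries, pos = [], 0
    while True:
        best, best_key = None, None
        for status, rx in RULES:
            m = rx.search(text, pos)
            if m and (best is None or (m.start(), m.end()) < best_key):
                best, best_key = (status, m), (m.start(), m.end())
        if best is None:
            return entries
        status, m = best
        # Assumption from this log: "not found!" appears only in the section
        # written after the reboot, "not found." in the live pass.
        if status == "not_found" and m.group("mark") == "!":
            status = "missing_after_reboot"
        entries.append((status, m.group("target")))
        pos = m.end()


def summarize(entries):
    """Count entries per status."""
    return dict(Counter(status for status, _ in entries))


def follow_up(entries):
    """Return (reason, target) pairs that still need a human decision."""
    after_reboot = {t.casefold() for s, t in entries
                    if s == "missing_after_reboot"}
    findings = []
    for status, target in entries:
        if status == "invalid_switch":
            findings.append(("fix line rejected, no result logged", target))
        elif status == "pending_reboot":
            if target.casefold() in after_reboot:
                findings.append(
                    ("move deferred to reboot, then file not found", target))
            else:
                findings.append(
                    ("move deferred to reboot, outcome not in log", target))
    return findings


# Excerpt copied from the fix log in the post above (not the full log).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:{DLL_Str} deleted successfully.
========== FILES ==========
Invalid Switch: netsession_win_ca0e279.dll
File\Folder C:\Windows\Installer\{A692F7D8-D04C-300B-AA7A-8A478A5C6454} not found.
Invalid Switch: scanfile=C:\Windows\System32\drivers\umpass.sys
File move failed. C:\Windows\System32\Drivers\utqymjgy.sys scheduled to be moved on reboot.
C:\$RECYCLE.BIN\S-1-5-18 folder moved successfully.
Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\Drivers\utqymjgy.sys not found!
"""

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(summarize(parsed))
    for reason, target in follow_up(parsed):
        print(f"{reason}: {target}")
```

On this excerpt the follow-up list contains the two "Invalid Switch" lines and the utqymjgy.sys driver, whose move was deferred to reboot and then reported as not found.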
#12
Posted 09 April 2013 - 08:49 AM
Yes skip any scan that doesn't want to run.
#13
Posted 12 April 2013 - 03:30 PM
ComboFix log:
TDSSKiller log:
Malwarebytes log:
adwCleaner log:
VEW System log:
VEW Application log:
New OTL log:
Extras log:
ComboFix 13-04-09.01 - Administrator 9/2013 Tue 15:56:34.5.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1033.18.3327.1695 [GMT -3:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\@ c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\n c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\00000001.@ c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\80000000.@ c:\$recycle.bin\S-1-5-21-2814810016-525067999-3679616187-500\$6de1a95143337ffdd7495b20c85643f4\U\800000cb.@ c:\program files\Common Files\ComObject c:\program files\Common Files\ComObject\AccessibleMarshal.dll c:\program files\Common Files\ComObject\application.ini c:\program files\Common Files\ComObject\blocklist.xml c:\program files\Common Files\ComObject\browserconfig.properties c:\program files\Common Files\ComObject\chrome\browser.jar c:\program files\Common Files\ComObject\chrome\browser.manifest c:\program files\Common Files\ComObject\chrome\classic.jar c:\program files\Common Files\ComObject\chrome\classic.manifest c:\program files\Common Files\ComObject\chrome\comm.jar c:\program files\Common Files\ComObject\chrome\comm.manifest c:\program files\Common Files\ComObject\chrome\en-US.jar c:\program files\Common Files\ComObject\chrome\en-US.manifest c:\program files\Common Files\ComObject\chrome\pippki.jar c:\program files\Common Files\ComObject\chrome\pippki.manifest c:\program files\Common Files\ComObject\chrome\reporter.jar c:\program files\Common Files\ComObject\chrome\reporter.manifest c:\program files\Common 
Files\ComObject\chrome\toolkit.jar c:\program files\Common Files\ComObject\chrome\toolkit.manifest c:\program files\Common Files\ComObject\components\browser.xpt c:\program files\Common Files\ComObject\components\browserdirprovider.dll c:\program files\Common Files\ComObject\components\brwsrcmp.dll c:\program files\Common Files\ComObject\components\components.list c:\program files\Common Files\ComObject\components\compreg.dat c:\program files\Common Files\ComObject\components\FeedConverter.js c:\program files\Common Files\ComObject\components\FeedProcessor.js c:\program files\Common Files\ComObject\components\FeedWriter.js c:\program files\Common Files\ComObject\components\fuelApplication.js c:\program files\Common Files\ComObject\components\GPSDGeolocationProvider.js c:\program files\Common Files\ComObject\components\jsconsole-clhandler.js c:\program files\Common Files\ComObject\components\NetworkGeolocationProvider.js c:\program files\Common Files\ComObject\components\nsAddonRepository.js c:\program files\Common Files\ComObject\components\nsBadCertHandler.js c:\program files\Common Files\ComObject\components\nsBlocklistService.js c:\program files\Common Files\ComObject\components\nsBrowserContentHandler.js c:\program files\Common Files\ComObject\components\nsBrowserGlue.js c:\program files\Common Files\ComObject\components\nsContentDispatchChooser.js c:\program files\Common Files\ComObject\components\nsContentPrefService.js c:\program files\Common Files\ComObject\components\nsDefaultCLH.js c:\program files\Common Files\ComObject\components\nsDownloadManagerUI.js c:\program files\Common Files\ComObject\components\nsExtensionManager.js c:\program files\Common Files\ComObject\components\nsFormAutoComplete.js c:\program files\Common Files\ComObject\components\nsHandlerService.js c:\program files\Common Files\ComObject\components\nsHelperAppDlg.js c:\program files\Common Files\ComObject\components\nsINIProcessor.js c:\program files\Common 
Files\ComObject\components\nsLivemarkService.js c:\program files\Common Files\ComObject\components\nsLoginInfo.js c:\program files\Common Files\ComObject\components\nsLoginManager.js c:\program files\Common Files\ComObject\components\nsLoginManagerPrompter.js c:\program files\Common Files\ComObject\components\nsMicrosummaryService.js c:\program files\Common Files\ComObject\components\nsPlacesAutoComplete.js c:\program files\Common Files\ComObject\components\nsPlacesDBFlush.js c:\program files\Common Files\ComObject\components\nsPlacesTransactionsService.js c:\program files\Common Files\ComObject\components\nsPrivateBrowsingService.js c:\program files\Common Files\ComObject\components\nsProxyAutoConfig.js c:\program files\Common Files\ComObject\components\nsSafebrowsingApplication.js c:\program files\Common Files\ComObject\components\nsSearchService.js c:\program files\Common Files\ComObject\components\nsSearchSuggestions.js c:\program files\Common Files\ComObject\components\nsSessionStartup.js c:\program files\Common Files\ComObject\components\nsSessionStore.js c:\program files\Common Files\ComObject\components\nsSetDefaultBrowser.js c:\program files\Common Files\ComObject\components\nsSidebar.js c:\program files\Common Files\ComObject\components\nsTaggingService.js c:\program files\Common Files\ComObject\components\nsTryToClose.js c:\program files\Common Files\ComObject\components\nsUpdateService.js c:\program files\Common Files\ComObject\components\nsUpdateServiceStub.js c:\program files\Common Files\ComObject\components\nsUpdateTimerManager.js c:\program files\Common Files\ComObject\components\nsUrlClassifierLib.js c:\program files\Common Files\ComObject\components\nsUrlClassifierListManager.js c:\program files\Common Files\ComObject\components\nsURLFormatter.js c:\program files\Common Files\ComObject\components\nsWebHandlerApp.js c:\program files\Common Files\ComObject\components\pluginGlue.js c:\program files\Common Files\ComObject\components\storage-Legacy.js 
c:\program files\Common Files\ComObject\components\storage-mozStorage.js c:\program files\Common Files\ComObject\components\txEXSLTRegExFunctions.js c:\program files\Common Files\ComObject\components\WebContentConverter.js c:\program files\Common Files\ComObject\components\xpti.dat c:\program files\Common Files\ComObject\crashreporter-override.ini c:\program files\Common Files\ComObject\crashreporter.exe c:\program files\Common Files\ComObject\crashreporter.ini c:\program files\Common Files\ComObject\data.js c:\program files\Common Files\ComObject\defaults\autoconfig\platform.js c:\program files\Common Files\ComObject\defaults\autoconfig\prefcalls.js c:\program files\Common Files\ComObject\defaults\pref\channel-prefs.js c:\program files\Common Files\ComObject\defaults\pref\firefox-branding.js c:\program files\Common Files\ComObject\defaults\pref\firefox-l10n.js c:\program files\Common Files\ComObject\defaults\pref\firefox.js c:\program files\Common Files\ComObject\defaults\pref\reporter.js c:\program files\Common Files\ComObject\defaults\profile\bookmarks.html c:\program files\Common Files\ComObject\defaults\profile\chrome\userChrome-example.css c:\program files\Common Files\ComObject\defaults\profile\chrome\userContent-example.css c:\program files\Common Files\ComObject\defaults\profile\localstore.rdf c:\program files\Common Files\ComObject\defaults\profile\mimeTypes.rdf c:\program files\Common Files\ComObject\defaults\profile\prefs.js c:\program files\Common Files\ComObject\dictionaries\en-US.aff c:\program files\Common Files\ComObject\dictionaries\en-US.dic c:\program files\Common Files\ComObject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png c:\program files\Common Files\ComObject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf c:\program files\Common Files\ComObject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png c:\program files\Common Files\ComObject\freebl3.chk c:\program files\Common Files\ComObject\freebl3.dll 
c:\program files\Common Files\ComObject\greprefs\all.js c:\program files\Common Files\ComObject\greprefs\security-prefs.js c:\program files\Common Files\ComObject\greprefs\xpinstall.js c:\program files\Common Files\ComObject\js3250.dll c:\program files\Common Files\ComObject\LICENSE c:\program files\Common Files\ComObject\modules\CertUtils.jsm c:\program files\Common Files\ComObject\modules\CrashSubmit.jsm c:\program files\Common Files\ComObject\modules\ctypes.jsm c:\program files\Common Files\ComObject\modules\debug.js c:\program files\Common Files\ComObject\modules\distribution.js c:\program files\Common Files\ComObject\modules\DownloadLastDir.jsm c:\program files\Common Files\ComObject\modules\DownloadUtils.jsm c:\program files\Common Files\ComObject\modules\FileUtils.jsm c:\program files\Common Files\ComObject\modules\ISO8601DateUtils.jsm c:\program files\Common Files\ComObject\modules\LightweightThemeConsumer.jsm c:\program files\Common Files\ComObject\modules\LightweightThemeManager.jsm c:\program files\Common Files\ComObject\modules\Microformats.js c:\program files\Common Files\ComObject\modules\NetUtil.jsm c:\program files\Common Files\ComObject\modules\NetworkPrioritizer.jsm c:\program files\Common Files\ComObject\modules\openLocationLastURL.jsm c:\program files\Common Files\ComObject\modules\PlacesDBUtils.jsm c:\program files\Common Files\ComObject\modules\PluralForm.jsm c:\program files\Common Files\ComObject\modules\SpatialNavigation.js c:\program files\Common Files\ComObject\modules\utils.js c:\program files\Common Files\ComObject\modules\WindowDraggingUtils.jsm c:\program files\Common Files\ComObject\modules\WindowsPreviewPerTab.jsm c:\program files\Common Files\ComObject\modules\XPCOMUtils.jsm c:\program files\Common Files\ComObject\mozcpp19.dll c:\program files\Common Files\ComObject\mozcrt19.dll c:\program files\Common Files\ComObject\nspr4.dll c:\program files\Common Files\ComObject\nss3.dll c:\program files\Common Files\ComObject\nssckbi.dll 
Completion time: 2013-04-09 19:02:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-09 22:02
.
Pre-Run: 114,384,896 bytes free
Post-Run: 996,241,408 bytes free
TDSSKiller log:
12:40:28.0181 5992 FTDIBUS - ok 12:40:28.0213 5992 [ 63D72A4CF9F163B59DB0CEED940A7D76 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys 12:40:28.0220 5992 FTSER2K - ok 12:40:28.0235 5992 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:40:28.0248 5992 fvevol - ok 12:40:28.0271 5992 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 12:40:28.0281 5992 gagp30kx - ok 12:40:28.0324 5992 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll 12:40:28.0370 5992 gpsvc - ok 12:40:28.0489 5992 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9e9c75b191954 C:\Program Files\Google\Update\GoogleUpdate.exe 12:40:28.0497 5992 gupdate1c9e9c75b191954 - ok 12:40:28.0506 5992 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 12:40:28.0512 5992 gupdatem - ok 12:40:28.0548 5992 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 12:40:28.0575 5992 hamachi - ok 12:40:28.0687 5992 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc D:\Program Files\LogMeIn Hamachi\hamachi-2.exe 12:40:28.0739 5992 Hamachi2Svc - ok 12:40:28.0812 5992 [ D95554949082FD29A04D351B58396718 ] hardlock C:\Windows\system32\drivers\hardlock.sys 12:40:28.0927 5992 hardlock - ok 12:40:28.0965 5992 [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt C:\Windows\system32\drivers\Haspnt.sys 12:40:28.0970 5992 Haspnt ( UnsignedFile.Multi.Generic ) - warning 12:40:28.0970 5992 Haspnt - detected UnsignedFile.Multi.Generic (1) 12:40:28.0981 5992 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:40:29.0018 5992 hcw85cir - ok 12:40:29.0050 5992 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:40:29.0115 5992 HdAudAddService - ok 12:40:29.0141 5992 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 12:40:29.0166 5992 HDAudBus - ok 12:40:29.0189 5992 [ 
1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 12:40:29.0215 5992 HidBatt - ok 12:40:29.0237 5992 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 12:40:29.0267 5992 HidBth - ok 12:40:29.0294 5992 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 12:40:29.0324 5992 HidIr - ok 12:40:29.0353 5992 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll 12:40:29.0391 5992 hidserv - ok 12:40:29.0453 5992 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:40:29.0520 5992 HidUsb - ok 12:40:29.0550 5992 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:40:29.0591 5992 hkmsvc - ok 12:40:29.0616 5992 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:40:29.0684 5992 HomeGroupListener - ok 12:40:29.0732 5992 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:40:29.0748 5992 HomeGroupProvider - ok 12:40:29.0807 5992 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:40:29.0817 5992 HpSAMD - ok 12:40:29.0848 5992 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:40:29.0899 5992 HTTP - ok 12:40:29.0917 5992 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:40:29.0925 5992 hwpolicy - ok 12:40:29.0947 5992 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 12:40:29.0974 5992 i8042prt - ok 12:40:30.0001 5992 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:40:30.0016 5992 iaStorV - ok 12:40:30.0097 5992 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 12:40:30.0105 5992 IDriverT ( UnsignedFile.Multi.Generic ) - warning 12:40:30.0105 5992 IDriverT - detected 
UnsignedFile.Multi.Generic (1) 12:40:30.0185 5992 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:40:30.0214 5992 idsvc - ok 12:40:30.0243 5992 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 12:40:30.0252 5992 iirsp - ok 12:40:30.0295 5992 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll 12:40:30.0338 5992 IKEEXT - ok 12:40:30.0500 5992 [ 0DBEF9CD5A2CD71240DD5AFCEE56D073 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 12:40:30.0605 5992 IntcAzAudAddService - ok 12:40:30.0620 5992 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 12:40:30.0629 5992 intelide - ok 12:40:30.0640 5992 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:40:30.0664 5992 intelppm - ok 12:40:30.0693 5992 [ E2C2CE489356943C1922B8353DCDAD05 ] ioatdma C:\Windows\System32\Drivers\qd26032.sys 12:40:30.0700 5992 ioatdma - ok 12:40:30.0735 5992 [ C4317DA9066EF0678DB2B68492523B38 ] ioatdma1 C:\Windows\System32\Drivers\qd16032.sys 12:40:30.0742 5992 ioatdma1 - ok 12:40:30.0755 5992 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:40:30.0796 5992 IPBusEnum - ok 12:40:30.0814 5992 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:40:30.0838 5992 IpFilterDriver - ok 12:40:30.0885 5992 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:40:30.0941 5992 iphlpsvc - ok 12:40:30.0974 5992 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:40:31.0004 5992 IPMIDRV - ok 12:40:31.0023 5992 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:40:31.0062 5992 IPNAT - ok 12:40:31.0085 5992 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:40:31.0115 5992 IRENUM - ok 
12:40:31.0132 5992 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:40:31.0141 5992 isapnp - ok 12:40:31.0171 5992 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:40:31.0183 5992 iScsiPrt - ok 12:40:31.0221 5992 [ 2247354A4D999C9CBB4D61B2A27576B9 ] iSSetup C:\Windows\system32\DRIVERS\iSSetup.sys 12:40:31.0298 5992 iSSetup - ok 12:40:31.0325 5992 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 12:40:31.0335 5992 kbdclass - ok 12:40:31.0352 5992 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:40:31.0378 5992 kbdhid - ok 12:40:31.0458 5992 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe 12:40:31.0471 5992 KeyIso - ok 12:40:31.0504 5992 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:40:31.0514 5992 KSecDD - ok 12:40:31.0545 5992 [ C1F278A8151CACEB89BADAF336E37740 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:40:31.0556 5992 KSecPkg - ok 12:40:31.0597 5992 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 12:40:31.0662 5992 KtmRm - ok 12:40:31.0691 5992 [ 8C804B1FFAD1EFA952B747E8285C3B76 ] L1E C:\Windows\system32\DRIVERS\L1E62x86.sys 12:40:31.0717 5992 L1E - ok 12:40:31.0764 5992 [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer C:\Windows\System32\srvsvc.dll 12:40:31.0794 5992 LanmanServer - ok 12:40:31.0824 5992 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:40:31.0853 5992 LanmanWorkstation - ok 12:40:31.0864 5992 LBTServ - ok 12:40:31.0902 5992 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 12:40:31.0909 5992 LGBusEnum - ok 12:40:31.0942 5992 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 12:40:31.0949 5992 LGVirHid - ok 12:40:31.0985 5992 [ B68309F25C5787385DA842EB5B496958 ] LHidFilt 
C:\Windows\system32\DRIVERS\LHidFilt.Sys 12:40:31.0992 5992 LHidFilt - ok 12:40:32.0020 5992 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:40:32.0061 5992 lltdio - ok 12:40:32.0097 5992 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:40:32.0141 5992 lltdsvc - ok 12:40:32.0162 5992 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 12:40:32.0201 5992 lmhosts - ok 12:40:32.0305 5992 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe 12:40:32.0317 5992 LMIGuardianSvc - ok 12:40:32.0398 5992 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo D:\Program Files\LogMeIn\x86\RaInfo.sys 12:40:32.0440 5992 LMIInfo - ok 12:40:32.0472 5992 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint D:\Program Files\LogMeIn\x86\RaMaint.exe 12:40:32.0480 5992 LMIMaint - ok 12:40:32.0525 5992 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys 12:40:32.0532 5992 lmimirr - ok 12:40:32.0537 5992 LMIRfsClientNP - ok 12:40:32.0560 5992 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys 12:40:32.0567 5992 LMIRfsDriver - ok 12:40:32.0579 5992 [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 12:40:32.0585 5992 LMouFilt - ok 12:40:32.0649 5992 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn D:\Program Files\LogMeIn\x86\LogMeIn.exe 12:40:32.0661 5992 LogMeIn - ok 12:40:32.0722 5992 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 12:40:32.0732 5992 LSI_FC - ok 12:40:32.0752 5992 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 12:40:32.0762 5992 LSI_SAS - ok 12:40:32.0772 5992 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 12:40:32.0782 5992 LSI_SAS2 - ok 12:40:32.0795 5992 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI 
C:\Windows\system32\drivers\lsi_scsi.sys 12:40:32.0805 5992 LSI_SCSI - ok 12:40:32.0817 5992 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 12:40:32.0857 5992 luafv - ok 12:40:32.0887 5992 [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 12:40:32.0894 5992 LUsbFilt - ok 12:40:32.0925 5992 [ 71FB2C9D23E62D42F7A8AF56E5DD8414 ] mapledxp C:\Windows\System32\drivers\mapledxp.SYS 12:40:32.0945 5992 mapledxp ( UnsignedFile.Multi.Generic ) - warning 12:40:32.0946 5992 mapledxp - detected UnsignedFile.Multi.Generic (1) 12:40:33.0011 5992 [ C049EF30ACE3E2BEEBC41E37FE4BB2A1 ] maya70docserver G:\Program Files\Alias\Maya7.0\docs\wrapper.exe 12:40:33.0030 5992 maya70docserver ( UnsignedFile.Multi.Generic ) - warning 12:40:33.0030 5992 maya70docserver - detected UnsignedFile.Multi.Generic (1) 12:40:33.0061 5992 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys 12:40:33.0080 5992 mcdbus ( UnsignedFile.Multi.Generic ) - warning 12:40:33.0080 5992 mcdbus - detected UnsignedFile.Multi.Generic (1) 12:40:33.0095 5992 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 12:40:33.0104 5992 megasas - ok 12:40:33.0120 5992 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 12:40:33.0133 5992 MegaSR - ok 12:40:33.0251 5992 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2010_32 C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe 12:40:33.0274 5992 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - warning 12:40:33.0274 5992 mi-raysat_3dsmax2010_32 - detected UnsignedFile.Multi.Generic (1) 12:40:33.0350 5992 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 12:40:33.0366 5992 Microsoft Office Groove Audit Service - ok 12:40:33.0418 5992 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS 
C:\Windows\system32\mmcss.dll 12:40:33.0475 5992 MMCSS - ok 12:40:33.0492 5992 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 12:40:33.0517 5992 Modem - ok 12:40:33.0525 5992 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:40:33.0550 5992 monitor - ok 12:40:33.0572 5992 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:40:33.0582 5992 mouclass - ok 12:40:33.0610 5992 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:40:33.0634 5992 mouhid - ok 12:40:33.0652 5992 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:40:33.0662 5992 mountmgr - ok 12:40:33.0724 5992 [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:40:33.0734 5992 MozillaMaintenance - ok 12:40:33.0748 5992 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\drivers\mpio.sys 12:40:33.0759 5992 mpio - ok 12:40:33.0769 5992 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:40:33.0803 5992 mpsdrv - ok 12:40:33.0851 5992 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll 12:40:33.0893 5992 MpsSvc - ok 12:40:33.0903 5992 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:40:33.0918 5992 MRxDAV - ok 12:40:33.0956 5992 [ 9E5DD4EF01AED723ABF5342EF23FF012 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:40:33.0985 5992 mrxsmb - ok 12:40:34.0001 5992 [ 6532ACBF612A8D340EF9E25E4FEF21EE ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:40:34.0032 5992 mrxsmb10 - ok 12:40:34.0052 5992 [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:40:34.0076 5992 mrxsmb20 - ok 12:40:34.0090 5992 [ BB14A640E7F234F260D1AA19A60CF960 ] msahci C:\Windows\system32\drivers\msahci.sys 12:40:34.0122 5992 msahci - ok 12:40:34.0158 
5992 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:40:34.0169 5992 msdsm - ok 12:40:34.0185 5992 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 12:40:34.0212 5992 MSDTC - ok 12:40:34.0234 5992 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:40:34.0257 5992 Msfs - ok 12:40:34.0267 5992 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:40:34.0302 5992 mshidkmdf - ok 12:40:34.0319 5992 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:40:34.0328 5992 msisadrv - ok 12:40:34.0371 5992 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:40:34.0456 5992 MSiSCSI - ok 12:40:34.0462 5992 msiserver - ok 12:40:34.0484 5992 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:40:34.0519 5992 MSKSSRV - ok 12:40:34.0565 5992 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:40:34.0605 5992 MSPCLOCK - ok 12:40:34.0620 5992 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:40:34.0661 5992 MSPQM - ok 12:40:34.0684 5992 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:40:34.0696 5992 MsRPC - ok 12:40:34.0733 5992 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 12:40:34.0742 5992 mssmbios - ok 12:40:34.0801 5992 MSSQL$SQLEXPRESS - ok 12:40:34.0882 5992 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 12:40:34.0910 5992 MSSQLServerADHelper100 - ok 12:40:34.0915 5992 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:40:34.0938 5992 MSTEE - ok 12:40:34.0952 5992 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 12:40:34.0975 5992 MTConfig - ok 12:40:35.0027 5992 
[ DCDAAB8697A47894A554050CE18D0B56 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 12:40:35.0084 5992 MTsensor - ok 12:40:35.0099 5992 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 12:40:35.0108 5992 Mup - ok 12:40:35.0150 5992 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 12:40:35.0204 5992 napagent - ok 12:40:35.0246 5992 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:40:35.0281 5992 NativeWifiP - ok 12:40:35.0311 5992 [ 779E9149D3662ED6BEB58A67E3C775F4 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:40:35.0341 5992 NDIS - ok 12:40:35.0369 5992 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:40:35.0467 5992 NdisCap - ok 12:40:35.0489 5992 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:40:35.0513 5992 NdisTapi - ok 12:40:35.0529 5992 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:40:35.0553 5992 Ndisuio - ok 12:40:35.0567 5992 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:40:35.0602 5992 NdisWan - ok 12:40:35.0626 5992 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:40:35.0650 5992 NDProxy - ok 12:40:35.0663 5992 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:40:35.0687 5992 NetBIOS - ok 12:40:35.0698 5992 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:40:35.0739 5992 NetBT - ok 12:40:35.0758 5992 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe 12:40:35.0771 5992 Netlogon - ok 12:40:35.0822 5992 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 12:40:35.0879 5992 Netman - ok 12:40:35.0938 5992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:40:35.0980 5992 
NetMsmqActivator - ok 12:40:35.0995 5992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:40:36.0002 5992 NetPipeActivator - ok 12:40:36.0024 5992 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 12:40:36.0078 5992 netprofm - ok 12:40:36.0095 5992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:40:36.0103 5992 NetTcpActivator - ok 12:40:36.0108 5992 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 12:40:36.0117 5992 NetTcpPortSharing - ok 12:40:36.0137 5992 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 12:40:36.0147 5992 nfrd960 - ok 12:40:36.0164 5992 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 12:40:36.0194 5992 NlaSvc - ok 12:40:36.0268 5992 [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll 12:40:36.0275 5992 nosGetPlusHelper - ok 12:40:36.0293 5992 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:40:36.0326 5992 Npfs - ok 12:40:36.0352 5992 npggsvc - ok 12:40:36.0425 5992 [ BBC47A2E02BE7DEAA8ED514AAB4F1FAF ] NPPTNT2 C:\Windows\system32\npptNT2.sys 12:40:36.0457 5992 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning 12:40:36.0457 5992 NPPTNT2 - detected UnsignedFile.Multi.Generic (1) 12:40:36.0479 5992 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 12:40:36.0505 5992 nsi - ok 12:40:36.0510 5992 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:40:36.0548 5992 nsiproxy - ok 12:40:36.0597 5992 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:40:36.0640 5992 Ntfs - ok 12:40:36.0679 5992 nTuneService - ok 12:40:36.0691 5992 [ F9756A98D69098DCA8945D62858A812C ] Null 
C:\Windows\system32\drivers\Null.sys 12:40:36.0715 5992 Null - ok 12:40:36.0921 5992 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:40:37.0200 5992 nvlddmkm - ok 12:40:37.0242 5992 [ 9CE1B0E5CFA8223CEC3BE1C7616E9F63 ] NVR0Dev C:\Windows\nvoclock.sys 12:40:37.0263 5992 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning 12:40:37.0263 5992 NVR0Dev - detected UnsignedFile.Multi.Generic (1) 12:40:37.0313 5992 [ A73F918EC995DDDBFB0D0CF1F546089A ] NVR0FLASHDev C:\Windows\nvflash.sys 12:40:37.0320 5992 NVR0FLASHDev - ok 12:40:37.0336 5992 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:40:37.0347 5992 nvraid - ok 12:40:37.0360 5992 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:40:37.0410 5992 nvstor - ok 12:40:37.0468 5992 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe 12:40:37.0496 5992 nvsvc - ok 12:40:37.0582 5992 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:40:37.0625 5992 nvUpdatusService - ok 12:40:37.0640 5992 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:40:37.0651 5992 nv_agp - ok 12:40:37.0663 5992 [ 908593EAC1FFE529FE760B0A378B3600 ] O2MDRDR C:\Windows\system32\DRIVERS\o2media.sys 12:40:37.0670 5992 O2MDRDR - ok 12:40:37.0683 5992 [ E5E4F48A17CDD4683936B06563BA1C51 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sd.sys 12:40:37.0690 5992 O2SDRDR - ok 12:40:37.0784 5992 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:40:37.0799 5992 odserv - ok 12:40:37.0816 5992 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:40:37.0851 5992 ohci1394 - ok 12:40:37.0892 5992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:40:37.0902 5992 ose - ok 
12:40:37.0947 5992 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:40:38.0011 5992 p2pimsvc - ok 12:40:38.0045 5992 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 12:40:38.0084 5992 p2psvc - ok 12:40:38.0134 5992 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 12:40:38.0158 5992 Parport - ok 12:40:38.0176 5992 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:40:38.0186 5992 partmgr - ok 12:40:38.0199 5992 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 12:40:38.0227 5992 Parvdm - ok 12:40:38.0248 5992 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:40:38.0267 5992 PcaSvc - ok 12:40:38.0281 5992 [ 80A4748A0304715C29093311795AC448 ] pci C:\Windows\system32\drivers\pci.sys 12:40:38.0292 5992 pci - ok 12:40:38.0305 5992 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 12:40:38.0314 5992 pciide - ok 12:40:38.0330 5992 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 12:40:38.0342 5992 pcmcia - ok 12:40:38.0356 5992 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 12:40:38.0365 5992 pcw - ok 12:40:38.0449 5992 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:40:38.0502 5992 PEAUTH - ok 12:40:38.0539 5992 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 12:40:38.0619 5992 PeerDistSvc - ok 12:40:38.0667 5992 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 12:40:38.0732 5992 pla - ok 12:40:38.0766 5992 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:40:38.0818 5992 PlugPlay - ok 12:40:38.0869 5992 [ 19E83B09AB8EE1D837665DA941E2AC44 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 12:40:38.0880 5992 PnkBstrA - ok 12:40:38.0893 5992 [ 
63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:40:38.0924 5992 PNRPAutoReg - ok 12:40:38.0947 5992 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:40:38.0964 5992 PNRPsvc - ok 12:40:39.0001 5992 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:40:39.0046 5992 PolicyAgent - ok 12:40:39.0071 5992 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 12:40:39.0100 5992 Power - ok 12:40:39.0119 5992 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:40:39.0159 5992 PptpMiniport - ok 12:40:39.0182 5992 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 12:40:39.0195 5992 Processor - ok 12:40:39.0241 5992 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll 12:40:39.0270 5992 ProfSvc - ok 12:40:39.0283 5992 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:40:39.0312 5992 ProtectedStorage - ok 12:40:39.0358 5992 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:40:39.0412 5992 Psched - ok 12:40:39.0473 5992 [ BCF8D075FAD718FEA8EF6E281331A56E ] PStrip C:\Windows\system32\drivers\pstrip.sys 12:40:39.0481 5992 PStrip - ok 12:40:39.0519 5992 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 12:40:39.0564 5992 ql2300 - ok 12:40:39.0581 5992 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 12:40:39.0591 5992 ql40xx - ok 12:40:39.0609 5992 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 12:40:39.0653 5992 QWAVE - ok 12:40:39.0671 5992 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:40:39.0685 5992 QWAVEdrv - ok 12:40:39.0700 5992 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:40:39.0736 5992 RasAcd - ok 12:40:39.0769 
5992 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:40:51.0255 5992 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:40:51.0271 5992 [Global] - ok
12:40:51.0271 5992 ================ Scan MBR ==================================
12:40:51.0282 5992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:40:51.0622 5992 \Device\Harddisk1\DR1 - ok
12:40:51.0657 5992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:40:51.0751 5992 \Device\Harddisk0\DR0 - ok
12:40:51.0751 5992 ================ Scan VBR ==================================
12:40:51.0755 5992 [ 624ACAE55B5544EF43749DA25A00F133 ] \Device\Harddisk1\DR1\Partition1
12:40:51.0756 5992 \Device\Harddisk1\DR1\Partition1 - ok
12:40:51.0783 5992 [ D4106565A29F57682750CAD50BD2010F ] \Device\Harddisk1\DR1\Partition2
12:40:51.0784 5992 \Device\Harddisk1\DR1\Partition2 - ok
12:40:51.0815 5992 [ 64E31DC7767CA6010520FA952C46320C ] \Device\Harddisk0\DR0\Partition1
12:40:51.0817 5992 \Device\Harddisk0\DR0\Partition1 - ok
12:40:51.0818 5992 ============================================================
12:40:51.0818 5992 Scan finished
12:40:51.0818 5992 ============================================================
12:40:51.0831 3908 Detected object count: 20
12:40:51.0831 3908 Actual detected object count: 20
12:41:24.0905 3908 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:41:24.0905 3908 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
12:41:24.0907 3908 AmUStor ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0907 3908 AmUStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0909 3908 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0909 3908 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0911 3908 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0911 3908 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0913 3908 DS1410D ( ForgedFile.Multi.Generic ) - skipped by user
12:41:24.0913 3908 DS1410D ( ForgedFile.Multi.Generic ) - User select action: Skip
12:41:24.0914 3908 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0914 3908 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0915 3908 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0916 3908 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0917 3908 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0917 3908 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0919 3908 mapledxp ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0919 3908 mapledxp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0920 3908 maya70docserver ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0920 3908 maya70docserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0921 3908 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0922 3908 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0924 3908 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0924 3908 mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0926 3908 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0926 3908 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0928 3908 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0928 3908 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0929 3908 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0929 3908 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0931 3908 Sntnlusb ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0931 3908 Sntnlusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0932 3908 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0932 3908 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0934 3908 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0934 3908 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0935 3908 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0935 3908 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:24.0937 3908 utqymjgy ( UnsignedFile.Multi.Generic ) - skipped by user
12:41:24.0937 3908 utqymjgy ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:41:27.0396 2932 Deinitialize success
Malwarebytes log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.10.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: HEAVENH-B8RJ5SH [administrator]

4/10/2013 1:24:38 PM
mbam-log-2013-04-10 (13-24-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 284702
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\AirRivals_HackShield_[1.0.0.39].exe (Trojan.Qhosts) -> Quarantined and deleted successfully.
C:\Windows\Installer\13128b.msi (Spyware.Agent) -> Quarantined and deleted successfully.

(end)
adwCleaner log:
# AdwCleaner v2.200 - Logfile created 04/10/2013 at 14:00:48
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Administrator - HEAVENH-B8RJ5SH
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Viewpoint
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{845558FF-6824-469D-8600-574E58725EA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\Software\Classes\Installer\Features\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\Software\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40EEDDB0-D152-403E-ABB4-221FB2C63A6E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8967E956-BB68-46ED-B4F0-3C2DB4EF4BC7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8047150-2F5D-4675-84D8-EA0BC59FD399}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{845558FF-6824-469D-8600-574E58725EA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Vuze_Remote

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\prefs.js

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qyb1rxtj.default\user.js ... Deleted !

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5806 octets] - [10/04/2013 14:00:48]

########## EOF - C:\AdwCleaner[S1].txt - [5866 octets] ##########
VEW System log:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2013 3:59:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 10/04/2013 6:58:17 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 10/04/2013 6:58:08 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:08 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:58:08 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 10/04/2013 6:57:55 PM
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

Log: 'System' Date/Time: 10/04/2013 6:47:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 10/04/2013 6:47:43 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 10/04/2013 6:45:42 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 10/04/2013 6:44:31 PM
Type: Error Category: 0
Event: 3 Source: Haspnt
The event description cannot be found.

Log: 'System' Date/Time: 10/04/2013 6:44:28 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The DS1410D service failed to start due to the following error: DS1410D is not a valid Win32 application.

Log: 'System' Date/Time: 10/04/2013 6:44:27 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 10/04/2013 6:43:32 PM
Type: Error Category: 0
Event: 4 Source: sptd
Driver detected an internal error in its data structures for .

Log: 'System' Date/Time: 10/04/2013 6:42:48 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:42:48 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 10/04/2013 6:42:48 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/04/2013 6:43:42 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 10/04/2013 6:43:42 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Log: 'System' Date/Time: 10/04/2013 6:27:26 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 10/04/2013 6:27:26 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.
VEW Application log:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2013 4:02:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 10/04/2013 6:57:47 PM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

Log: 'Application' Date/Time: 10/04/2013 6:36:38 PM
Type: Error Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Windows license activation failed. Error 0x80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 10/04/2013 6:57:47 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 10/04/2013 6:36:38 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
New OTL log:
OTL logfile created on: 2013/04/12 3:15:07 PM - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd 3.25 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 45.34% Memory free 7.48 Gb Paging File | 4.93 Gb Available in Paging File | 65.89% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 22.94 Gb Free Space | 28.67% Space Free | Partition Type: NTFS Drive D: | 385.76 Gb Total Space | 15.67 Gb Free Space | 4.06% Space Free | Partition Type: NTFS Drive G: | 1863.01 Gb Total Space | 435.39 Gb Free Space | 23.37% Space Free | Partition Type: NTFS Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/03/29 16:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe PRC - [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe PRC - [2012/12/18 18:16:37 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012/12/14 16:42:22 | 000,316,360 | ---- | M] (Azureus Software, Inc) -- C:\Program Files\Vuze\Azureus.exe PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) 
-- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/24 09:48:45 | 000,801,792 | ---- | M] (Yuna Software) -- D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe PRC - [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) 
-- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2012/05/15 06:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012/05/15 06:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe PRC - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe PRC - [2009/11/02 15:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/13 22:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files\MagicDisc\MagicDisc.exe PRC - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe PRC - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe PRC - [2007/12/06 22:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) 
-- C:\Windows\V0510Mon.exe PRC - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe PRC - [2004/05/07 09:20:52 | 000,024,681 | ---- | M] () -- G:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/03/29 16:53:56 | 001,114,024 | ---- | M] () -- D:\Program Files\Steam\bin\chromehtml.dll MOD - [2013/03/26 21:16:40 | 020,341,672 | ---- | M] () -- D:\Program Files\Steam\bin\libcef.dll MOD - [2013/03/25 19:23:34 | 000,651,776 | ---- | M] () -- D:\Program Files\Steam\SDL2.dll MOD - [2012/12/18 18:16:37 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012/12/14 16:42:22 | 000,053,160 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll MOD - [2012/12/11 14:51:10 | 001,100,800 | ---- | M] () -- D:\Program Files\Steam\bin\avcodec-53.dll MOD - [2012/12/11 14:51:10 | 000,192,000 | ---- | M] () -- D:\Program Files\Steam\bin\avformat-53.dll MOD - [2012/12/11 14:51:10 | 000,124,416 | ---- | M] () -- D:\Program Files\Steam\bin\avutil-51.dll MOD - [2012/07/02 23:24:14 | 000,047,880 | ---- | M] () -- G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe MOD - [2012/07/02 23:23:06 | 000,010,240 | ---- | M] () -- G:\Program Files\TortoiseHg\mercurial.osutil.pyd MOD - [2012/06/08 21:58:17 | 002,042,848 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2012/04/10 23:31:56 | 000,074,240 | ---- | M] () -- G:\Program Files\TortoiseHg\_ctypes.pyd MOD - [2012/02/13 12:15:42 | 000,228,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32com.shell.shell.pyd MOD - [2012/02/13 12:14:40 | 000,330,240 | ---- | M] () -- G:\Program Files\TortoiseHg\pythoncom27.dll MOD - [2012/02/13 12:14:08 | 000,164,864 | ---- | M] () -- G:\Program Files\TortoiseHg\win32gui.pyd MOD - [2012/02/13 
12:14:06 | 000,096,256 | ---- | M] () -- G:\Program Files\TortoiseHg\win32api.pyd MOD - [2012/02/13 12:14:00 | 000,107,520 | ---- | M] () -- G:\Program Files\TortoiseHg\win32security.pyd MOD - [2012/02/13 12:13:58 | 000,035,328 | ---- | M] () -- G:\Program Files\TortoiseHg\win32process.pyd MOD - [2012/02/13 12:13:56 | 000,023,040 | ---- | M] () -- G:\Program Files\TortoiseHg\win32pipe.pyd MOD - [2012/02/13 12:13:52 | 000,017,920 | ---- | M] () -- G:\Program Files\TortoiseHg\win32event.pyd MOD - [2012/02/13 12:13:50 | 000,110,080 | ---- | M] () -- G:\Program Files\TortoiseHg\win32file.pyd MOD - [2012/02/13 12:13:44 | 000,104,960 | ---- | M] () -- G:\Program Files\TortoiseHg\pywintypes27.dll MOD - [2011/12/25 16:54:57 | 000,028,160 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- D:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV - [2013/03/26 02:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/03/25 16:56:45 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013/02/05 17:05:56 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2012/12/10 18:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/11/08 22:09:41 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint) SRV - [2012/11/08 22:09:27 | 000,374,704 | ---- | M] (LogMeIn, Inc.) 
[Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/06/08 21:58:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2012/06/01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- G:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012/05/15 07:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/10/23 17:07:34 | 000,630,784 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- G:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server) SRV - [2011/04/20 20:10:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) 
[Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2010/11/25 08:32:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/06/02 14:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/02/03 07:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32) SRV - [2008/08/18 08:58:08 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2008/08/01 11:11:10 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2004/07/16 22:26:44 | 000,126,976 | ---- | M] () [Auto | Running] -- G:\Program Files\Alias\Maya7.0\docs\wrapper.exe -- (maya70docserver) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\Windows\system32\XDva380.sys -- (XDva380) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\vmaudio.sys -- (VMAUDIO) DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) DRV - [2012/11/08 22:09:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2012/10/30 20:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/10/30 20:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/10/30 20:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/10/30 20:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/10/30 20:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/10/15 13:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2012/05/15 07:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012/05/04 12:41:54 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2012/05/04 12:41:53 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2012/03/06 12:41:42 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) DRV - [2011/06/14 14:26:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt) DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010/11/06 14:21:39 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\utqymjgy.sys -- (utqymjgy) DRV - [2010/03/18 06:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2010/03/18 06:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010/03/18 06:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010/02/18 20:21:32 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2010/02/03 07:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010/01/25 17:20:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/01/17 18:43:00 | 000,196,064 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid) DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - [2009/11/02 15:12:29 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2009/11/02 15:12:29 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2009/11/02 15:12:29 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2009/11/02 15:12:29 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2009/10/21 17:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse) DRV - [2009/10/21 17:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp) DRV - [2009/09/22 12:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) DRV - [2009/08/21 09:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor) DRV - [2009/08/04 07:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSSetup.sys -- (iSSetup) DRV - [2009/07/26 19:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2009/07/26 19:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 19:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) DRV - [2009/07/04 13:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie) DRV - [2009/07/02 03:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci) DRV - [2009/06/30 14:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009/06/25 11:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009/06/25 11:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2009/03/19 07:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp) DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/08/18 09:00:00 | 000,029,952 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev) DRV - [2008/08/01 11:08:28 | 000,036,640 | ---- | M] (NVidia Corp.) 
[Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev) DRV - [2008/06/27 01:10:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187) DRV - [2008/04/07 22:00:00 | 000,254,080 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vid.sys -- (V0510Dev) DRV - [2008/01/18 01:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd26032.sys -- (ioatdma) DRV - [2008/01/18 01:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qd16032.sys -- (ioatdma1) DRV - [2007/07/14 22:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip) DRV - [2007/03/05 07:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0510Vfx.sys -- (V0510Vfx) DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2006/10/18 02:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004/04/05 11:44:42 | 000,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) [Kernel | System | Running] -- C:\Windows\System32\drivers\mapledxp.sys -- (mapledxp) DRV - [2001/06/21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel) DRV - [2001/06/21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb) DRV - [1998/07/10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/news IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{06DD5559-5502-41C4-A464-F72A860EE5A2}: "URL" = http://www.flickr.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{16CC4F96-01D5-4A58-9AF7-BAEB60E44E84}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{72433522-8F91-4F01-9072-80790C26725F}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/06/08 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/16 21:44:16 | 000,000,000 | ---D | M]
[2010/11/24 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/02 22:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O1 HOSTS File: ([2013/04/09 18:55:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] D:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] G:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [V0510Mon.exe] C:\Windows\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{248AB61D-41EC-4A39-A95A-36A580EC82FA}: DhcpNameServer = 24.222.0.94 24.222.0.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC13486-832A-4E58-B78E-307737CF10E0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll (Andreas Verhoeven)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 00:30:24 | 000,000,000 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: FileZilla Server Interface - hkey= - key= - G:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {206FE56F-802F-E477-7BE6-43EDD6665692} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2B4897AB-F88A-B6FF-6A21-29F463CDB965} - DirectX
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {63E633DE-F62D-EDE0-82BA-77E6979ABFB8} - .NET Framework
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {82D7B414-5DA9-00AF-40A5-0A0B3BDEA283} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2448CC6-7788-E36B-B8E7-8D3A7246DEB5} - Microsoft Windows Media Player 12.0
ActiveX: {C542E6FD-678C-243C-E30C-2FC49800426C} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAC9C37A-3DF6-765A-42B5-D377D78EEE15} - DirectX
ActiveX: {CAFBC0BB-A929-4667-53B0-86C67415B79D} - Themes Setup
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {D3E7CF57-3115-AD58-2FD2-8A345A527DE4} - Microsoft Windows Media Player 12.0
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{0472f9bf-d68f-45e7-b372-621a4d5b1258} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
Drivers32: midi8 - C:\Windows\System32\mapledxp.dll (Jeff Hurchalla and Marble Sound)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Windows\System32\atrac3.acm ()
Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - D:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Windows\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/10 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 13:23:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/09 18:55:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/09 18:55:17 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2013/04/09 15:53:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 15:53:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 15:53:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 15:53:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/09 15:53:24 | 000,000,000 | ---D | C] -- \ComboFix
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 15:50:47 | 000,000,000 | ---D | C] -- \Qoobox
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/30 14:08:52 | 000,000,000 | ---D | C] -- \_OTL
[2013/03/28 18:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Program Files\Common Files\adlmint.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/12 15:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/12 12:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 15:46:18 | 003,773,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 15:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 13:23:41 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 19:29:07 | 000,730,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/09 19:29:07 | 000,491,444 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2013/04/09 19:29:07 | 000,151,558 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013/04/09 19:29:07 | 000,151,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/09 19:21:23 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 19:21:23 | 000,017,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 18:55:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/28 18:15:01 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/10 13:23:41 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/09 15:53:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 15:53:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 15:53:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 15:53:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 15:53:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/17 11:47:39 | 002,474,608 | ---- | C] () -- \Procmon.exe
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- C:\procmon.chm
[2013/03/17 11:47:39 | 000,063,582 | ---- | C] () -- \procmon.chm
[2013/03/06 07:49:42 | 000,002,100 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2012/10/12 15:09:27 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2012/07/25 21:16:17 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2012/07/22 20:14:33 | 000,002,182 | ---- | C] () -- C:\Users\Administrator\.kdiff3rc
[2012/07/21 12:18:04 | 000,000,162 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/25 19:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/05/27 17:14:39 | 000,002,932 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012/05/27 17:14:36 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2012/05/27 17:14:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2012/05/27 17:14:36 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2012/05/27 17:14:36 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2012/05/27 17:14:36 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2012/05/27 17:14:36 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2012/05/27 17:14:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2012/05/27 17:14:36 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2012/05/27 17:14:36 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2012/05/27 17:14:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2012/05/27 17:14:35 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2012/05/27 17:14:35 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2012/05/27 17:14:35 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2012/05/27 17:14:35 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 22:51:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/02 23:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/04/09 15:57:59 | 000,000,024 | ---- | C] () -- C:\Windows\entpack.ini
[2012/03/08 23:54:27 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/07/30 15:26:18 | 000,324,096 | ---- | C] () -- C:\Windows\System32\SDL.dll
[2011/07/21 10:30:35 | 000,000,190 | ---- | C] () -- C:\Windows\_delis43.ini
[2011/06/14 14:26:23 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2011/06/14 14:26:12 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys
[2011/06/02 19:26:39 | 000,714,526 | ---- | C] () -- C:\Windows\unins001.exe
[2011/06/02 19:26:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/02 19:26:39 | 000,001,799 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/20 00:07:56 | 000,274,706 | ---- | C] () -- \gohei.jpg
[2011/05/18 21:51:29 | 000,602,112 | ---- | C] () -- \OTL.exe
[2011/05/02 21:38:04 | 000,525,419 | ---- | C] () -- \remii.png
[2011/05/02 16:26:22 | 003,289,689 | ---- | C] () -- \goheilol.png
[2011/04/29 23:52:57 | 001,614,444 | ---- | C] () -- \flashlight.png
[2011/04/28 20:20:15 | 000,739,966 | ---- | C] () -- \gohei.png
[2011/04/23 19:07:52 | 007,618,784 | ---- | C] () -- \gohei.FBX
[2011/04/08 21:36:15 | 001,057,198 | ---- | C] () -- \lawl2.png
[2011/04/07 19:03:18 | 001,942,616 | ---- | C] () -- \lawl.png
[2011/04/01 16:41:42 | 000,407,023 | ---- | C] () -- \Amnesia.png
[2011/03/11 20:46:20 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\server.properties
[2011/03/07 08:15:58 | 000,038,578 | ---- | C] () -- \Threshold1.png
[2011/02/27 17:43:42 | 000,086,827 | ---- | C] () -- \Threshold.png
[2011/01/16 22:21:30 | 000,264,748 | ---- | C] () -- \lot.png
[2011/01/10 10:12:32 | 000,231,555 | ---- | C] () -- \ctca.png
[2011/01/09 17:10:47 | 000,369,097 | ---- | C] () -- \ctcc.png
[2011/01/09 17:09:15 | 000,316,054 | ---- | C] () -- \ctcmenu.png
[2011/01/09 00:21:36 | 000,601,401 | ---- | C] () -- \CtC.png
[2010/12/24 16:41:35 | 000,698,352 | ---- | C] () -- \FL Studio Error.png
[2010/12/10 23:10:23 | 000,000,622 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/25 23:46:44 | 000,000,038 | ---- | C] () -- C:\Users\Administrator\wxLuaIDE.ini
[2010/06/06 22:47:19 | 000,777,747 | ---- | C] () -- \LOL.jpg
[2010/06/06 01:07:12 | 031,056,033 | ---- | C] () -- \unpacked_ehsvc_18.05.idb
[2010/06/03 16:54:06 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\photorec.cfg
[2010/06/01 14:59:38 | 000,004,243 | ---- | C] () -- \lala.3ds
[2010/05/20 01:24:00 | 006,430,386 | ---- | C] () -- \AirRivals.atm
[2010/05/18 23:41:11 | 000,149,142 | ---- | C] () -- C:\Users\Administrator\unstoppable.gif
[2010/05/08 11:13:37 | 000,000,232 | ---- | C] () -- C:\Users\Administrator\SciTE.session
[2010/05/08 01:27:39 | 000,072,268 | ---- | C] () -- \procexp.chm
[2010/05/08 00:32:25 | 003,879,288 | ---- | C] () -- \procexp.exe
[2010/05/07 23:10:17 | 000,046,017 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies1.pdf
[2010/05/07 23:09:46 | 000,054,707 | ---- | C] () -- C:\Users\Administrator\airrivals_recipies.pdf
[2010/05/07 23:08:40 | 000,000,111 | ---- | C] () -- C:\Users\Administrator\tracegf4d.cmd
[2010/05/07 23:08:27 | 000,014,162 | ---- | C] () -- C:\Users\Administrator\mouseclicks.gif
[2010/05/07 22:58:39 | 040,009,077 | ---- | C] () -- C:\Users\Administrator\e10howto.mov
[2010/05/07 22:58:30 | 000,041,360 | ---- | C] () -- C:\Users\Administrator\Bosses.pdf
[2010/05/07 22:58:08 | 000,012,782 | ---- | C] () -- C:\Users\Administrator\AR enchanting.pdf
[2010/05/07 19:03:28 | 000,560,034 | ---- | C] () -- \meohgawd.jpg
[2010/04/28 01:27:00 | 000,263,768 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3.sfk
[2010/04/28 01:26:38 | 003,061,583 | ---- | C] () -- \THE LAZER COLLECTION 2.mp3
[2010/04/28 01:16:28 | 000,706,652 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.wav
[2010/04/28 01:11:56 | 000,013,848 | ---- | C] () -- \Vlan.sfk
[2010/04/28 01:08:51 | 001,764,044 | ---- | C] () -- \Vlan.wav
[2010/04/28 01:07:12 | 000,008,128 | ---- | C] () -- \Vlanlol.mp3.sfk
[2010/04/28 01:06:41 | 000,093,648 | ---- | C] () -- \Vlanlol.mp3
[2010/04/28 00:43:31 | 000,131,683 | ---- | C] () -- \Vlan.mp3
[2010/04/28 00:16:01 | 006,502,641 | ---- | C] () -- \East New Sound ~ U.N. Owen was her ~.mp3
[2010/04/19 23:31:57 | 000,029,696 | ---- | C] () -- \SpaceCowboy.exe
[2010/04/12 20:31:13 | 003,360,841 | ---- | C] () -- \Akon ft. Eminem- Smack That Instrumental.mp3
[2010/04/08 01:54:04 | 000,413,439 | RHS- | C] () -- \TLZYV
[2010/03/10 12:07:14 | 004,981,269 | ---- | C] () -- \Tsukasa - K Lobelia.mp3
[2010/03/04 15:51:11 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 10:36:48 | 000,181,408 | ---- | C] () -- \grldr.bak
[2010/02/24 19:59:04 | 000,171,136 | RHS- | C] () -- \w7ldr
[2010/02/06 15:15:25 | 001,863,094 | ---- | C] () -- \vidtomp3.com-12654804966508.mp3
[2010/01/31 19:44:06 | 000,003,532 | ---- | C] () -- \drmHeader.bin
[2010/01/25 23:28:12 | 002,356,278 | ---- | C] () -- \Dune_Desktop_Wallpaper_Emma_Alvarez.bmp
[2010/01/25 23:28:12 | 001,006,660 | ---- | C] () -- \Jumping Onto White Base.mp3
[2010/01/25 23:28:12 | 000,001,096 | -H-- | C] () -- \IPH.PH
[2010/01/25 23:28:00 | 000,000,000 | R--- | C] () -- \logwmemory.bin
[2010/01/25 23:27:59 | 009,881,451 | ---- | C] () -- \Lostep - Burma.mp3
[2010/01/25 23:27:59 | 005,897,430 | ---- | C] () -- \musicc.mp3
[2010/01/25 23:27:58 | 006,926,535 | ---- | C] () -- \Oliver Smith - Nimbus.mp3
[2010/01/25 23:27:58 | 000,136,272 | ---- | C] () -- \N604217500_1213762_5186.jpg
[2010/01/25 23:27:58 | 000,059,302 | ---- | C] () -- \northern-lights-back.jpg
[2010/01/25 23:27:56 | 000,011,772 | ---- | C] () -- \rawrme.JPG
[2010/01/25 23:27:52 | 014,979,377 | ---- | C] () -- \Yes_-_Awaken.mp3
[2010/01/25 23:27:52 | 008,259,216 | ---- | C] () -- \Wings_of_tomorow.exe
[2010/01/25 23:27:52 | 002,518,622 | ---- | C] () -- \The Tale You Were In (Full Version).mp3
[2010/01/25 23:27:52 | 002,178,968 | ---- | C] () -- \vidtomp3.com-12641138434152.mp3
[2010/01/25 23:27:52 | 000,325,072 | ---- | C] () -- \Untitled5.jpg
[2010/01/25 23:27:52 | 000,182,379 | ---- | C] () -- \Untitled.jpg
[2010/01/25 23:27:52 | 000,105,343 | ---- | C] () -- \Transcript.jpg
[2010/01/25 23:27:52 | 000,095,479 | ---- | C] () -- \SSD531352.jpg
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata04.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata03.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata02.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata01.sqm
[2010/01/25 23:27:52 | 000,000,268 | -H-- | C] () -- \sqmdata00.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt04.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt03.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt02.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt01.sqm
[2010/01/25 23:27:52 | 000,000,244 | -H-- | C] () -- \sqmnoopt00.sqm
[2010/01/25 23:27:49 | 006,089,919 | ---- | C] () -- \Calm_Waters__Dire_Dire_Docks_remix_.mp3
[2010/01/25 23:27:49 | 004,943,319 | ---- | C] () -- \BT - Remember (Phrakture's Unofficial Remix).mp3
[2010/01/25 17:20:12 | 000,000,020 | RHS- | C] () -- \win7.ld
[2010/01/25 15:21:33 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/07/13 23:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 23:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/03/28 09:35:00 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/09/26 15:05:15 | 000,383,582 | RHS- | C] () -- \bootmgr.bak
[2008/09/26 15:05:15 | 000,383,562 | RHS- | C] () -- \bootmgr

========== ZeroAccess Check ==========

[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 22:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKS-55A7B0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST2000DL003-9VT166 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 80.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 386.00GB
Starting Offset: 85900394496
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >
[2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/04/15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2012/07/11 17:45:04 | 002,474,608 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe
[2010/04/19 16:56:14 | 000,029,696 | ---- | M] (Microsoft) -- C:\SpaceCowboy.exe
[2002/01/02 15:51:58 | 008,259,216 | ---- | M] () -- C:\Wings_of_tomorow.exe
[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color] [color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2013/03/26 20:01:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2010/04/15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe [2012/07/11 17:45:04 | 002,474,608 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Procmon.exe [2010/04/19 16:56:14 | 000,029,696 | ---- | M] (Microsoft) -- C:\SpaceCowboy.exe [2002/01/02 15:51:58 | 008,259,216 | ---- | M] () -- C:\Wings_of_tomorow.exe [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color] [color=#A23BEC]< %APPDATA%\*. >[/color] [2013/03/30 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft [2010/01/25 17:04:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acccore [2010/06/22 11:41:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems [2012/03/27 12:55:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe [2011/03/16 00:21:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AMozilla [2012/04/06 10:47:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AnnkakeSpa [2010/01/25 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\App Launcher Gadget [2012/08/23 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ARA [2010/01/25 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity [2011/04/20 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk [2013/04/12 15:27:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus [2012/07/19 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited [2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\Creative [2010/03/20 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CUBETYPE [2010/03/20 01:00:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\D.N.A. Softwares [2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro [2011/09/30 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dev-Cpp [2011/01/02 21:13:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX [2011/08/09 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DMDirc [2010/04/24 07:30:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss [2012/04/27 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dynamic Effects [2010/01/25 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET [2011/01/13 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESTsoft [2012/05/07 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla [2011/01/06 16:09:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FlashFXP [2010/01/31 10:19:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software [2010/03/19 17:56:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Fujitsu [2011/10/25 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gensokyo.org [2012/12/19 17:53:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0 [2012/10/18 16:06:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hamachi [2010/05/20 00:10:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Help [2010/05/11 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hex-Rays [2010/11/02 06:34:31 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\Homoym [2012/05/24 21:26:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\hte [2012/12/25 00:34:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\I2P [2010/01/25 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities [2011/08/31 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IDMComp [2010/05/06 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield [2010/01/25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire [2011/07/01 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient [2010/01/25 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2011/09/01 14:50:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mael [2010/01/25 17:04:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2011/08/19 21:09:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MayaWebBrowser [2009/07/14 04:48:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs [2010/01/25 17:04:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic [2010/12/26 17:43:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MessengerDiscovery 2 [2012/06/05 21:24:20 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2010/05/08 10:36:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Corporation [2011/06/23 20:29:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft Games [2010/05/03 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MilkShape 3D 1.x.x [2010/12/24 02:51:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC [2011/01/06 21:47:45 | 
000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Move Networks [2011/01/07 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla [2012/01/24 20:28:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mumble [2010/03/20 01:07:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\net.mesopota.tohoShowtime.A5B365107A30E46004755A9A0862E792DF4441ED.1 [2012/05/06 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NVIDIA [2010/01/25 17:04:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera [2010/05/20 01:09:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PE Explorer [2009/07/31 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking [2010/01/25 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers [2010/04/17 14:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real [2011/01/07 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScummVM [2011/08/14 21:51:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ShanghaiAlice [2012/06/26 21:28:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\six-updater [2012/06/26 21:26:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\six-zsync [2013/04/10 20:03:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype [2010/01/25 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\skypePM [2011/01/04 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony [2010/01/25 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony Creative Software [2010/04/06 13:45:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spiral Graphics [2010/07/22 03:15:22 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\Sun [2011/06/24 11:12:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab [2010/01/25 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2 [2010/04/07 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Texture Maker [2013/04/10 15:57:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TortoiseHg [2011/08/09 03:34:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trillian [2012/06/25 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tunngle [2010/03/23 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\U3 [2012/09/06 01:18:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity [2010/03/17 23:45:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo [2013/04/12 05:23:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc [2011/06/07 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Winamp [2010/01/28 15:16:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR [2010/12/08 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wuala [2013/04/10 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xfire [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\maxdrive\atapi.sys [2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E 
-- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f5054b97743c05b3\atapi.sys [2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/13 22:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_ddc35c9e9bda913a\atapi.sys [color=#A23BEC]< MD5 for: CSRSS.EXE >[/color] [2009/07/13 22:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe [2009/07/13 22:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009/11/02 15:19:00 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe [2009/09/23 09:34:51 | 002,579,456 | ---- | M] (Microsoft Corporation) MD5=0C81EA51AEB0E47BBC749257EAC179C4 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe [2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- 
C:\Windows\ERDNT\cache\explorer.exe [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009/11/02 15:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/11/02 15:15:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 03:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\ERDNT\cache\mswsock.dll [2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll [2009/07/13 22:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll [color=#A23BEC]< MD5 for: NAPINSP.DLL >[/color] [2009/07/13 22:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll [2009/07/13 22:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- 
C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll [color=#A23BEC]< MD5 for: NLAAPI.DLL >[/color] [2009/07/13 22:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll [2009/07/13 22:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll [color=#A23BEC]< MD5 for: PNRPNSP.DLL >[/color] [2009/07/13 22:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll [2009/07/13 22:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll [color=#A23BEC]< MD5 for: PRINTISOLATIONHOST.EXE >[/color] [2009/07/13 22:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe [2009/07/13 22:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe [2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe [2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [color=#A23BEC]< MD5 for: USER32.DLL >[/color] [2009/07/13 22:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=AE2B4D47934D3798C984D51B1694A490 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll [2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=C7B21BEF09EC7249556BEE19F9D314CB -- C:\Windows\ERDNT\cache\user32.dll [2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=C7B21BEF09EC7249556BEE19F9D314CB -- C:\Windows\System32\user32.dll [2009/11/02 15:10:24 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=C7B21BEF09EC7249556BEE19F9D314CB -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe [2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) 
MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe [2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 03:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 02:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/13 22:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009/11/02 15:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe [2009/11/02 15:22:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe [color=#A23BEC]< MD5 for: WINRNR.DLL >[/color] [2009/07/13 22:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll [2009/07/13 22:16:19 | 000,020,992 
| ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll [color=#A23BEC]< MD5 for: WSHELPER.DLL >[/color] [2009/07/13 22:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll [2009/07/13 22:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll [color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files\Mozilla Firefox\uninstall\helper.exe" 
/SetAsDefaultAppGlobal [2012/06/08 21:58:16 | 000,867,032 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 21:58:18 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/20 16:17:08 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/05/20 16:17:09 | 000,748,336 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %ProgramFiles%\WINDOWS NT\*.* /s >[/color] 
[2009/07/13 22:14:49 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe [2009/07/13 22:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll [2009/07/13 23:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui [2009/07/13 20:48:26 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\ja-JP\wordpad.exe.mui [2009/07/13 22:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll [2009/06/10 18:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt [2009/06/10 18:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt [2009/06/10 18:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt [2009/06/10 18:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt [2009/06/10 18:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt [2009/06/10 18:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt [2009/06/10 18:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt [2009/07/13 23:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui [2009/07/13 20:29:38 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\ja-JP\TableTextService.dll.mui [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#E56717]========== Files - Unicode (All) 
==========[/color] [2011/02/28 17:57:15 | 000,015,658 | ---- | M] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd [2011/02/28 17:57:15 | 000,015,658 | ---- | C] ()(C:\Windows\System32\??SASA.udd) -- C:\Windows\System32\東方SASA.udd [2010/10/30 19:36:33 | 000,221,216 | ---- | M] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk [2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(C:\?????.mp3.sfk) -- C:\東方幻奏箱.mp3.sfk [2010/10/30 19:36:07 | 000,221,216 | ---- | C] ()(\?????.mp3.sfk) -- \東方幻奏箱.mp3.sfk [2010/10/30 15:13:59 | 002,567,549 | ---- | M] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3 [2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(C:\?????.mp3) -- C:\東方幻奏箱.mp3 [2010/10/30 15:13:40 | 002,567,549 | ---- | C] ()(\?????.mp3) -- \東方幻奏箱.mp3 [2010/02/06 15:14:18 | 005,570,592 | ---- | M] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3 [2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(C:\EastNewSound ??????(x?y).mp3) -- C:\EastNewSound 悖徳数列組曲(x≒y).mp3 [2010/02/06 15:14:18 | 005,570,592 | ---- | C] ()(\EastNewSound ??????(x?y).mp3) -- \EastNewSound 悖徳数列組曲(x≒y).mp3 [2010/02/06 15:09:19 | 004,729,658 | ---- | M] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3 [2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(C:\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- C:\黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3 [2010/02/06 15:09:15 | 004,729,658 | ---- | C] ()(\?? (EastNewSound) - One Day s Memory [??????1969].mp3) -- \黒鳥 (EastNewSound) - One Day s Memory [ヴォヤージュ1969].mp3 < End of report >
Extras log:
OTL Extras logfile created on: 2013/04/12 3:15:07 PM - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/MM/dd 3.25 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 45.34% Memory free 7.48 Gb Paging File | 4.93 Gb Available in Paging File | 65.89% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4096 16384 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 22.94 Gb Free Space | 28.67% Space Free | Partition Type: NTFS Drive D: | 385.76 Gb Total Space | 15.67 Gb Free Space | 4.06% Space Free | Partition Type: NTFS Drive G: | 1863.01 Gb Total Space | 435.39 Gb Free Space | 23.37% Space Free | Partition Type: NTFS Computer Name: HEAVENH-B8RJ5SH | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = ComFile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- Reg Error: Key error. 
File not found .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" 
(Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.) Directory [Bridge] -- G:\Program Files\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [Browse with &IrfanView] -- "D:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Force Uninstall] -- D:\Program Files\Perfect Uninstaller\PU.exe "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2C1488BA-B7C0-4656-9B6F-6421A8354CD9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | "{5F1E49F4-182F-482B-8507-372A87C0FEEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A664B6EB-2CB6-4989-8D86-185CFAF053AC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{113AECB0-59CA-44F4-AEF5-F93E62104E4B}C:\Program Files\Winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{6A8B055C-72DD-4004-A419-B527306AF05A}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{6CB5F7FA-3DAD-4317-ADE6-A4F34838B836}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{B23CD6B7-4654-4214-B51A-D5F93549B63D}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | "TCP Query User{BCB47CFC-52A8-49A7-8FFF-48E0CDC221D7}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{023A0091-4ACD-4B7D-9414-397CAEEC25E3}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "UDP Query User{0743E1D5-EE13-46C4-9B56-3DEEF60C1D54}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | "UDP Query User{BDF87C6D-F400-499D-809D-5ABF05B51F99}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "UDP Query User{CF2FA962-7979-43FC-9C8E-14D0B7403AD2}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{D86A70DE-AAB3-4C44-B866-54C7154BEC1E}C:\Program Files\Winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | [color=#E56717]========== 
HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05B1529B-C423-42AA-B981-4ECA247E9FC0}" = DayZ Commander "{06056D9E-849E-4274-A5DE-6589C019F486}" = USBProg "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C439E7E-DE2B-4AC0-8BEB-DAD70FAE2918}" = AvrTools "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4 "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{191C9AC7-B78C-4CF4-A6C4-54A27E0AD798}" = S4 League_EU "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 
Common Files "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3 "{1CB72E04-D2F0-4A4B-AF92-711BF8AADDA3}" = Unreal Script IDE (UDKDevKit) VS 2010 Isolated Shell "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{2087381D-01B1-4111-9078-EF68A5AEB0AB}" = PHP 5.3.2 "{211BB680-1ADD-4762-AF5D-B76DEAB3397B}" = COSMIC CORTEX-M C Compiler 64K "{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{238CE6BA-42DA-473A-9A72-15CE23F4584A}" = Visual3D Game Engine "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins "{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2775C25A-DF39-44AA-8E59-E0447DC164C2}" = Call of Duty - World at War "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit "{32A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 
2008 RsFx Driver "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3EB010F9-BF17-42F1-BFCC-528F3586E42D}_is1" = 東方紅舞闘 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{400E4B6F-1BB3-464D-AE91-54D888B7DDC4}" = TortoiseHg 2.4.2 (x86) "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{423B39E8-0A8E-4522-BB0A-FCCF86479977}_is1" = VVVVVV (Window v1.0) "{42B34B8E-3CE3-4D5F-B52B-F9E8A9FBCB65}" = Perforce Visual Components "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4B7IL77L-LKS1-75B1-SKYRIM-18CD6E6334R1}_is1" = The Elder Scrolls V - Skyrim version 1.0 "{4C2DEE4E-D144-555D-66B6-546DF5280756}" = 東方咲待夢 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 
Native Client "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{58206080-3E1F-4418-8117-D190FC71BF58}" = RealStrat 1.0 "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6 "{61CC5CBA-F483-4489-BD66-12FAAC5D35AB}" = Unreal X-Editor "{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011 "{6555AFAC-CE27-4539-A377-95E63040C3C3}" = 雪山乱闘チルノクライマーズ "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{702EC1FF-A081-48AE-8363-8D78A0919F86}" = Autodesk DirectConnect 2010 R1 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6 "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1 "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = 
Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{8A864555-554E-4DE2-BB36-BC4810355525}" = Autodesk MatchMover 2011 32-bit "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8EFF2EC4-F6F0-4A9B-91A5-92E2EEE93F35}" = g–‚é“`à ”êF‚̀Œđ‹¿‹È "{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 
#14
Posted 12 April 2013 - 05:35 PM
OK. Making progress. I think Combofix got most of it. There are a couple of files that look suspicious that TDSSKiller found. Let's submit each of the following to virustotal.com:
C:\Windows\system32\drivers\ds1410d.sys
C:\Windows\system32\Drivers\utqymjgy.sys
If you don't get a 0 of 42 (or so - the last number sometimes changes), please copy and paste the whole report.
#15
Posted 12 April 2013 - 06:01 PM
ds1410d.sys was clean, but utqymjgy.sys wasn't, here's the report:
Antivirus Result Update
Agnitum - 20130412
AhnLab-V3 - 20130412
AntiVir - 20130413
Antiy-AVL - 20130412
Avast - 20130413
AVG - 20130413
BitDefender - 20130413
ByteHero - 20130322
CAT-QuickHeal - 20130412
ClamAV Trojan.Agent-66914 20130413
Commtouch W32/Bagle.TGIN-4537 20130412
Comodo - 20130413
DrWeb - 20130413
Emsisoft - 20130413
eSafe Win32.Bagle.RC.worm 20130407
ESET-NOD32 - 20130412
F-Prot W32/Bagle.IJ 20130412
F-Secure - 20130413
Fortinet - 20130413
GData - 20130413
Ikarus - 20130412
Jiangmin - 20130412
K7AntiVirus Trojan 20130412
Kaspersky - 20130413
Kingsoft - 20130408
Malwarebytes - 20130413
McAfee - 20130413
McAfee-GW-Edition - 20130412
Microsoft - 20130413
MicroWorld-eScan - 20130413
NANO-Antivirus - 20130412
Norman - 20130412
nProtect - 20130412
Panda - 20130412
PCTools Trojan-Downloader.Bagle 20130412
Rising Trojan.Win32.Generic.1273D2DC 20130412
Sophos - 20130413
SUPERAntiSpyware Trojan.Agent/Gen 20130413
Symantec - 20130413
TheHacker Trojan/Rootkit.gen 20130412
TotalDefense - 20130412
TrendMicro - 20130413
TrendMicro-HouseCall - 20130413
VBA32 - 20130412
VIPRE - 20130413
ViRobot Trojan.Win32.Bagle.7168 20130412
Sorry for the formatting, I didn't see a download button for the report and tabs don't seem to work in the editor.
Edit: I bolded the positive hits.
Edited by biggy c, 12 April 2013 - 06:03 PM.
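One way to turn a pasted VirusTotal result table like the one above into the "N of M" figure asked for in post #14, shown as an added example that is not part of the original posts. The function names, the generic-token list and the 3-day staleness threshold are assumptions of this sketch; the sample rows are a subset copied from the report in post #15.

```python
import re
from collections import Counter
from datetime import datetime

# Subset of the rows pasted in post #15 (engine, result, signature date).
SAMPLE_REPORT = """\
Antivirus Result Update
Avast - 20130413
ClamAV Trojan.Agent-66914 20130413
Commtouch W32/Bagle.TGIN-4537 20130412
eSafe Win32.Bagle.RC.worm 20130407
F-Prot W32/Bagle.IJ 20130412
Kaspersky - 20130413
Kingsoft - 20130408
McAfee-GW-Edition - 20130412
Microsoft - 20130413
PCTools Trojan-Downloader.Bagle 20130412
TheHacker Trojan/Rootkit.gen 20130412
ViRobot Trojan.Win32.Bagle.7168 20130412
"""

# First token = engine, last token = YYYYMMDD, everything between = result.
ROW = re.compile(r"^(\S+)\s+(.+?)\s+(\d{8})$")

# Assumed list of tokens that name a malware class rather than a family.
GENERIC = {"trojan", "agent", "generic", "worm", "downloader",
           "rootkit", "malware", "virus", "backdoor"}


def parse_report(text):
    """Return one dict per engine row; header and prose lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, result, stamp = m.groups()
        try:
            updated = datetime.strptime(stamp, "%Y%m%d").date()
        except ValueError:
            continue  # eight digits that are not a real date
        rows.append({"engine": engine,
                     "detection": None if result == "-" else result,
                     "updated": updated})
    return rows


def summarize(rows, stale_days=3):
    """Detection ratio, engines with old signatures, and the family name
    that the most engines agree on (None if only generic labels)."""
    if not rows:
        return {"ratio": "0 of 0", "stale_engines": [], "top_family": None}
    hits = [r for r in rows if r["detection"]]
    newest = max(r["updated"] for r in rows)
    # A "-" from an engine with old signatures is weaker evidence of clean.
    stale = [r["engine"] for r in rows
             if (newest - r["updated"]).days > stale_days]
    families = Counter()
    for r in hits:
        # Split on non-letters so platform tags and numeric ids drop out.
        tokens = {t for t in re.split(r"[^a-z]+", r["detection"].lower())
                  if len(t) >= 4 and t not in GENERIC}
        families.update(tokens)  # one vote per engine per token
    top = families.most_common(1)
    return {"ratio": f"{len(hits)} of {len(rows)}",
            "stale_engines": stale,
            "top_family": top[0] if top else None}


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

Several engines agreeing on one family name is stronger evidence than the raw count, since generic labels such as "Trojan" say little about what the file is.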