Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

System is acting really weird.

 
eldoncooper
Junior Member


Joined: 27 Dec 2011
Last Visit: 24 Oct 2012
Posts: 23

Posted: Thu Jun 07, 2012 7:37 am    Post subject: System is acting really weird.

Lenovo Thinkpad T61p
Some programs fail to load and execute.
Web pages are redirected.
Pop-ups are frequent.
Have to reboot frequently.
Use avast virus detector.
Main system purpose is photo processing.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by SeizeTheMemories at 22:10:39 on 2012-06-06
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1700 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
mStart Page = about:blank
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\seizet~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\seizethememories\appdata\local\facebook\messenger\2.1.4520.0\FacebookMessenger.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/hk/en/SmartDownloading/cab/npdueng.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{057E337F-28E6-4511-AD97-C87E7452F547} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1DC36248-0629-41F8-8715-680A7D2DA63F} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1DC36248-0629-41F8-8715-680A7D2DA63F}\24541434843594445402055524C49434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1DC36248-0629-41F8-8715-680A7D2DA63F}\24561636863796465602255637F62747 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1DC36248-0629-41F8-8715-680A7D2DA63F}\4656661657C647 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\seizethememories\appdata\roaming\mozilla\firefox\profiles\okbd67ha.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\seizethememories\appdata\local\facebook\messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: c:\windows\system32\lenovo\update\npdueng.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: dom.max_script_run_time - 10
FF - user.js: dom.max_chrome_script_run_time - 20
.
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-3-20 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-9 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-9 314456]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [2011-10-13 277576]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-8-8 948736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-9 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-9 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-9 44768]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-6-3 102672]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-9-9 13336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-9-9 110752]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-20 4446752]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-9-9 368680]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2011-9-9 75816]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-9-9 33832]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-9-9 8192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-9-8 45736]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-10-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-27 23624]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 129976]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-1-30 27192]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-06 20:24:24 -------- d-----w- c:\users\seizethememories\appdata\local\{02F86E8C-F034-42E8-90C8-51C3C4B26F5F}
2012-06-06 20:23:16 -------- d-----w- c:\users\seizethememories\appdata\local\{E6A033DC-564A-438E-BC6F-EA4F2D61510D}
2012-06-02 18:16:10 -------- d-----w- c:\users\seizethememories\appdata\local\{C7408793-0A15-48FA-8FA3-07976793E270}
2012-06-02 18:15:58 -------- d-----w- c:\users\seizethememories\appdata\local\{5ADA54A4-CE20-4DFA-9EE1-AC2FF8C49378}
2012-06-01 08:12:08 -------- d-----w- c:\users\seizethememories\appdata\roaming\Auto FX Software
2012-06-01 03:06:00 -------- d-----w- c:\users\seizethememories\appdata\local\{A26D8B6F-35E8-45C6-A771-CCE288681434}
2012-06-01 03:05:49 -------- d-----w- c:\users\seizethememories\appdata\local\{3198D189-7E34-4D5B-8872-AACB4C3E969D}
2012-05-30 20:04:46 -------- d-----w- c:\users\seizethememories\appdata\local\{560CFFD7-3B45-4ADA-A36E-0A8176A1C309}
2012-05-30 20:04:34 -------- d-----w- c:\users\seizethememories\appdata\local\{40F4FD13-BD3F-449F-A205-A9EC5F5B399D}
2012-05-28 15:31:43 -------- d-----w- c:\users\seizethememories\appdata\local\{2C046B8D-6938-4644-B1E4-DC66001330EC}
2012-05-28 15:31:31 -------- d-----w- c:\users\seizethememories\appdata\local\{51FFFEB8-4A86-4E50-ACA6-9978DF3918AD}
2012-05-28 06:37:42 -------- d-----w- c:\users\seizethememories\appdata\local\{6343A432-E7F2-4065-9478-0AB735342AA7}
2012-05-28 06:37:31 -------- d-----w- c:\users\seizethememories\appdata\local\{C46F7F55-BB6E-49A7-BBB8-B268D7C1509E}
2012-05-27 00:57:04 -------- d-----w- c:\program files\Intel Desktop Board
2012-05-25 03:51:31 -------- d-----w- c:\users\seizethememories\appdata\local\{3E725D63-3680-481C-9BA3-B157BA9C89A7}
2012-05-25 03:51:20 -------- d-----w- c:\users\seizethememories\appdata\local\{230C60F5-4B4A-42F0-A1EC-9BDC7F5D7813}
2012-05-24 01:10:25 -------- d-----w- c:\users\seizethememories\appdata\local\{506B8F36-BDC3-4218-916F-54F21F1B9588}
2012-05-23 00:22:24 -------- d-----w- c:\users\seizethememories\appdata\local\{F6F13FE9-5ED4-49CB-BED6-A0FC7E2EAD9B}
2012-05-23 00:22:12 -------- d-----w- c:\users\seizethememories\appdata\local\{CCCDBC48-3776-476D-AF6B-D720C49BD299}
2012-05-22 19:29:36 -------- d-----w- c:\users\seizethememories\appdata\local\{FC17C034-798C-4290-B4E9-56B36F11E63F}
2012-05-22 19:24:57 -------- d-----w- c:\users\seizethememories\appdata\local\{C2FB0F06-73FE-4748-BAF1-CDC49B3A26C7}
2012-05-22 19:24:43 -------- d-----w- c:\users\seizethememories\appdata\local\{F8CA8466-EE99-47A3-B9CF-17BD971F1A4A}
2012-05-22 19:23:28 -------- d-----w- c:\users\seizethememories\appdata\local\{27BBB63B-93A7-4A79-B550-67605206D6DA}
2012-05-22 19:23:17 -------- d-----w- c:\users\seizethememories\appdata\local\{C155A875-C1E8-4B56-948E-997FBD8464D8}
2012-05-21 12:37:51 -------- d-----w- c:\programdata\explauncher
2012-05-21 12:37:50 -------- d-----w- c:\programdata\launcher
2012-05-20 21:12:55 -------- d-----w- c:\users\seizethememories\appdata\local\{60C13C44-89B4-40A0-B558-B33D6700D602}
2012-05-20 21:12:44 -------- d-----w- c:\users\seizethememories\appdata\local\{F66E04B2-350D-49DC-80A8-DD87B59D385B}
2012-05-20 03:53:19 -------- d-----w- c:\program files\Hugin
2012-05-19 17:59:22 -------- d-----w- c:\users\seizethememories\appdata\local\{9C11958B-CA86-422B-8617-A75FC5D4D9AE}
2012-05-19 17:59:02 -------- d-----w- c:\users\seizethememories\appdata\local\{43B07AB4-3E3A-4721-8B13-21CD5680264D}
2012-05-18 16:56:35 -------- d-----w- c:\users\seizethememories\appdata\local\{F1FE3035-A1E9-494E-A3FF-FBE89FCF8B31}
2012-05-18 16:56:23 -------- d-----w- c:\users\seizethememories\appdata\local\{AD2C3232-D5B2-4F4A-85F5-B635957126B3}
2012-05-15 10:38:56 -------- d-----w- c:\users\seizethememories\appdata\local\{675FE08C-9F07-4FBA-9DE8-8DFCED80DB0D}
2012-05-15 10:38:36 -------- d-----w- c:\users\seizethememories\appdata\local\{C5F91FC6-A50D-4AEF-865F-1E12ED111CDC}
2012-05-15 02:49:47 -------- d-----w- c:\users\seizethememories\appdata\local\{9289F08B-9120-435C-9E33-D9C8CCF8AE97}
2012-05-15 02:49:35 -------- d-----w- c:\users\seizethememories\appdata\local\{B389E016-299F-467F-A677-3DBA87EDAABD}
2012-05-15 02:46:51 -------- d-----w- c:\users\seizethememories\appdata\local\{2EF062A7-428E-4C1D-A922-5D7B36E8D2D4}
2012-05-15 02:46:40 -------- d-----w- c:\users\seizethememories\appdata\local\{746569D9-02C3-4E3F-8F2E-C7EE71E265AA}
2012-05-14 05:47:27 -------- d-----w- c:\users\seizethememories\appdata\local\{21FE0D61-5539-4D41-979D-273C61DBF64C}
2012-05-14 05:47:15 -------- d-----w- c:\users\seizethememories\appdata\local\{94DD8F9C-A3C4-4BDC-971F-C4290463A34D}
2012-05-13 17:48:14 -------- d-----w- c:\users\seizethememories\appdata\local\{433F4CE5-72D8-43E8-BD7E-910C38D61554}
2012-05-13 17:48:01 -------- d-----w- c:\users\seizethememories\appdata\local\{6A88D5C6-1BA9-4B25-AC4A-FEDD9ECB110A}
2012-05-13 00:25:31 -------- d-----r- c:\users\seizethememories\SkyDrive
2012-05-13 00:25:18 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-05-12 21:53:54 -------- d-----w- c:\users\seizethememories\appdata\local\{FD59226C-3768-45F4-8AB4-CFD96C3A0F80}
2012-05-12 21:53:42 -------- d-----w- c:\users\seizethememories\appdata\local\{37E97F5D-6A63-47B0-AC3D-8FFA5ECDD3A6}
2012-05-12 16:37:11 -------- d-----w- c:\users\seizethememories\appdata\local\{BF2E5C64-8A2D-4FB6-AD4C-DBA13530C7B3}
2012-05-12 16:36:57 -------- d-----w- c:\users\seizethememories\appdata\local\{1CF4593F-49D6-414D-A0BF-2F89E717CA1C}
2012-05-12 12:12:27 -------- d-----w- c:\users\seizethememories\appdata\local\{79E9A468-1078-40FD-ACFB-09623B0E9982}
2012-05-12 12:12:14 -------- d-----w- c:\users\seizethememories\appdata\local\{47BBD7FE-743B-4E60-87F6-D4D4C64EF876}
2012-05-11 22:54:27 -------- d-----w- c:\users\seizethememories\appdata\local\{53D5CDF0-ACBF-4E4E-ACC8-F55E3F97FFE9}
2012-05-11 22:54:16 -------- d-----w- c:\users\seizethememories\appdata\local\{CC18CA34-0D9B-4D35-9B05-0C633E33B92F}
2012-05-11 21:50:12 -------- d-----w- c:\users\seizethememories\appdata\local\{8018244A-BE36-4E86-AD9E-617BCB417954}
2012-05-11 21:50:01 -------- d-----w- c:\users\seizethememories\appdata\local\{2AFFC383-3C53-4E8D-83B6-3ED95658A2B1}
2012-05-11 16:39:10 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 16:39:06 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-11 16:39:05 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-11 16:39:04 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-11 16:39:04 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-11 16:38:48 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 16:38:47 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 16:38:46 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 16:38:45 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 16:38:44 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 16:38:44 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 16:38:43 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 16:38:43 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 16:38:43 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
.
==================== Find3M ====================
.
2012-05-27 01:09:23 65536 ----a-w- c:\windows\IFinst27.exe
2012-05-06 22:16:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 22:16:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 21:18:25 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-30 11:32:50 88 --sh--r- c:\programdata\64C0A37F4F.sys
2012-04-28 18:51:35 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-28 18:51:35 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
2003-01-31 09:43:19 6065152 ------w- c:\program files\Mystical.exe
2003-01-31 00:20:26 1396736 ------w- c:\program files\Mystical_PlugIn.8bf
.
============= FINISH: 22:11:58.52 ===============
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Fri Jun 08, 2012 12:07 am

Looking over your log, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Fri Jun 08, 2012 12:26 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi eldoncooper

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are a few minor issues in your log that need attention, however they would not be responsible for the kind of problems you're having, so we need to run a few more scans to see what else might be on your computer.

First

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents


  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Next

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Change parameters

    • Check Detect TDLFS file system
    • Click OK

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Summary of the logs I need from you in your next post:

  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



eldoncooper
Junior Member


Joined: 27 Dec 2011
Last Visit: 24 Oct 2012
Posts: 23

Posted: Fri Jun 08, 2012 7:34 pm

Thank you for your time, knowledge, and effort.

OTL logfile created on: 6/8/2012 9:59:18 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\SeizeTheMemories\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 29.62% Memory free
5.99 Gb Paging File | 2.54 Gb Available in Paging File | 42.34% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 112.84 Gb Free Space | 37.86% Space Free | Partition Type: NTFS
Drive D: | 160.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 732.42 Gb Total Space | 58.60 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive Y: | 732.42 Gb Total Space | 58.60 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 197.47 Gb Free Space | 42.41% Space Free | Partition Type: NTFS

Computer Name: SEIZETHEMEMOR | User Name: SeizeTheMemories | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 21:55:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SeizeTheMemories\Downloads\OTL(1).exe
PRC - [2012/06/07 03:02:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/17 14:45:32 | 000,200,704 | ---- | M] (Facebook) -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/12/04 22:02:34 | 002,016,640 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\lightroom.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/03 19:36:20 | 000,302,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/08 08:39:14 | 000,948,736 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011/07/27 21:41:08 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/07/27 21:22:30 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/03 13:51:40 | 000,102,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2011/03/18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 02:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/09/22 04:05:22 | 000,110,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/18 05:58:28 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009/07/20 02:55:50 | 004,446,752 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/07 03:02:05 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 12:26:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1308b3b2c033226ddd613752a37e3272\IAStorCommon.ni.dll
MOD - [2012/05/12 12:26:00 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d59182e98ef565ae60ca79643f38c798\IAStorUtil.ni.dll
MOD - [2012/05/12 12:23:43 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/12 12:23:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 12:23:34 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/12 12:23:08 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/12 12:23:01 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/12 12:22:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012/05/12 12:22:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/12 12:22:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/12 12:22:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/12 12:22:36 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/12 12:22:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/11 14:47:16 | 000,449,024 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.dll
MOD - [2012/05/11 14:47:16 | 000,275,456 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.WinForms.dll
MOD - [2012/05/06 18:16:58 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/25 15:21:18 | 021,009,408 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\libcef.dll
MOD - [2011/12/04 21:30:48 | 000,159,744 | ---- | M] () -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\moxplugins\wpdmanager.mox
MOD - [2011/12/04 21:30:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\moxplugins\AppManagerLR.mox
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/06/25 01:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/25 01:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/29 01:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/28 02:24:30 | 000,117,904 | ---- | M] () -- c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll1 -- (WcsPlugInService)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\regsvc.dllces\remoteaccess\parameters -- (RemoteRegistry)
SRV - File not found [Disabled | Stopped] -- C:\Windows\System32\mprdim.dllces\RemoteAccess\Parameters -- (RemoteAccess)
SRV - [2012/06/07 03:02:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/09 14:10:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 13:37:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/08 08:39:14 | 000,948,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011/07/27 21:41:08 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011/07/27 21:22:30 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/03 13:51:40 | 000,102,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/09/22 04:05:22 | 000,110,752 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/18 05:58:28 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/07/20 02:55:50 | 004,446,752 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PcdrNdisuio)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV)
DRV - [2011/12/29 14:23:23 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 13:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/13 14:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011/10/13 14:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011/10/13 14:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011/09/09 12:00:56 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011/08/08 08:32:16 | 000,243,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011/08/08 08:32:16 | 000,243,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/10/07 07:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
DRV - [2010/08/18 13:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/26 03:15:50 | 000,221,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/15 16:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/15 15:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/07 21:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/05 20:21:46 | 009,833,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/02 13:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [1999/12/31 20:00:00 | 000,075,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwdpan.sys -- (BTWDPAN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 72 DA 6A 14 8D CC 01 [binary data]
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={44E7CD3B-2CEC-45CB-9CD1-1842BC620284}&mid=fbda8b7f780c42259ae87b5667fd7c30-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=us&ds=AVG&pr=pa&d=2011-12-07 03:38:06&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@lenovo.com/dueng,version=2.0: C:\Windows\system32\lenovo\update\npdueng.dll (Lenovo)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/09 13:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 03:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/01 03:26:43 | 000,000,000 | ---D | M]

[2011/09/09 11:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeizeTheMemories\AppData\Roaming\Mozilla\Extensions
[2012/06/05 21:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeizeTheMemories\AppData\Roaming\Mozilla\Firefox\Profiles\okbd67ha.default\extensions
[2012/05/19 14:17:33 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\SeizeTheMemories\AppData\Roaming\Mozilla\Firefox\Profiles\okbd67ha.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/05/06 18:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/09 13:15:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/07 03:02:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/19 17:14:25 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 22:59:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 22:59:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/01 10:39:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} http://consumersupport.lenovo.com/hk/en/SmartDownloading/cab/npdueng.cab (ElevatedCreater Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{057E337F-28E6-4511-AD97-C87E7452F547}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DC36248-0629-41F8-8715-680A7D2DA63F}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/11 06:54:12 | 000,047,082 | ---- | M] () - C:\AutoEyeuninstal.log -- [ NTFS ]
O32 - AutoRun File - [2012/04/26 07:04:15 | 000,000,000 | ---D | M] - C:\AutoFX DreamSuite Ultimate 1.36 32 bit (serial-FOSI) [ChingLiu] -- [ NTFS ]
O32 - AutoRun File - [2012/02/15 12:09:18 | 000,000,036 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\SeizeTheMemories\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PhotoJoy - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: vProt - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll\Services\rdsessmgr File not found
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WRkrn - Driver
SafeBootNet: WRSVC - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{8FCB5055-B154-47A5-8614-77ACA654B97D}
[2012/06/08 13:01:40 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C4EE3DAE-5B49-4D94-986F-B3C0002CC837}
[2012/06/08 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{13CAA70A-8E9E-4A01-963F-7ECDBB70C061}
[2012/06/08 00:48:06 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3844A07D-1AE0-4C60-A70B-4E631DF86C27}
[2012/06/06 16:24:24 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{02F86E8C-F034-42E8-90C8-51C3C4B26F5F}
[2012/06/06 16:23:16 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{E6A033DC-564A-438E-BC6F-EA4F2D61510D}
[2012/06/02 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\Desktop\Walgreens Photo Coupons
[2012/06/02 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C7408793-0A15-48FA-8FA3-07976793E270}
[2012/06/02 14:15:58 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{5ADA54A4-CE20-4DFA-9EE1-AC2FF8C49378}
[2012/06/01 04:12:08 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Auto FX Software
[2012/06/01 03:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/01 03:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/31 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{A26D8B6F-35E8-45C6-A771-CCE288681434}
[2012/05/31 23:05:49 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3198D189-7E34-4D5B-8872-AACB4C3E969D}
[2012/05/30 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{560CFFD7-3B45-4ADA-A36E-0A8176A1C309}
[2012/05/30 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{40F4FD13-BD3F-449F-A205-A9EC5F5B399D}
[2012/05/28 11:31:43 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2C046B8D-6938-4644-B1E4-DC66001330EC}
[2012/05/28 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{51FFFEB8-4A86-4E50-ACA6-9978DF3918AD}
[2012/05/28 02:43:56 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\Desktop\Pictures of Me Mama Kathi and Ethan 5-27-12
[2012/05/28 02:37:42 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{6343A432-E7F2-4065-9478-0AB735342AA7}
[2012/05/28 02:37:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C46F7F55-BB6E-49A7-BBB8-B268D7C1509E}
[2012/05/26 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Desktop Board
[2012/05/24 23:51:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3E725D63-3680-481C-9BA3-B157BA9C89A7}
[2012/05/24 23:51:20 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{230C60F5-4B4A-42F0-A1EC-9BDC7F5D7813}
[2012/05/23 21:10:25 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{506B8F36-BDC3-4218-916F-54F21F1B9588}
[2012/05/22 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F6F13FE9-5ED4-49CB-BED6-A0FC7E2EAD9B}
[2012/05/22 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{CCCDBC48-3776-476D-AF6B-D720C49BD299}
[2012/05/22 15:29:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{FC17C034-798C-4290-B4E9-56B36F11E63F}
[2012/05/22 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C2FB0F06-73FE-4748-BAF1-CDC49B3A26C7}
[2012/05/22 15:24:43 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F8CA8466-EE99-47A3-B9CF-17BD971F1A4A}
[2012/05/22 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{27BBB63B-93A7-4A79-B550-67605206D6DA}
[2012/05/22 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C155A875-C1E8-4B56-948E-997FBD8464D8}
[2012/05/22 14:17:26 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\Desktop\New folder
[2012/05/21 08:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012/05/21 08:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012/05/21 08:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012/05/20 17:12:55 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{60C13C44-89B4-40A0-B558-B33D6700D602}
[2012/05/20 17:12:44 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F66E04B2-350D-49DC-80A8-DD87B59D385B}
[2012/05/19 23:53:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin
[2012/05/19 23:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hugin
[2012/05/19 13:59:22 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{9C11958B-CA86-422B-8617-A75FC5D4D9AE}
[2012/05/19 13:59:02 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{43B07AB4-3E3A-4721-8B13-21CD5680264D}
[2012/05/18 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F1FE3035-A1E9-494E-A3FF-FBE89FCF8B31}
[2012/05/18 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{AD2C3232-D5B2-4F4A-85F5-B635957126B3}
[2012/05/18 08:40:28 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/05/17 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/15 06:38:56 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{675FE08C-9F07-4FBA-9DE8-8DFCED80DB0D}
[2012/05/15 06:38:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C5F91FC6-A50D-4AEF-865F-1E12ED111CDC}
[2012/05/14 22:49:47 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{9289F08B-9120-435C-9E33-D9C8CCF8AE97}
[2012/05/14 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{B389E016-299F-467F-A677-3DBA87EDAABD}
[2012/05/14 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2EF062A7-428E-4C1D-A922-5D7B36E8D2D4}
[2012/05/14 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{746569D9-02C3-4E3F-8F2E-C7EE71E265AA}
[2012/05/14 01:47:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{21FE0D61-5539-4D41-979D-273C61DBF64C}
[2012/05/14 01:47:15 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{94DD8F9C-A3C4-4BDC-971F-C4290463A34D}
[2012/05/13 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{433F4CE5-72D8-43E8-BD7E-910C38D61554}
[2012/05/13 13:48:01 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{6A88D5C6-1BA9-4B25-AC4A-FEDD9ECB110A}
[2012/05/12 20:25:31 | 000,000,000 | R--D | C] -- C:\Users\SeizeTheMemories\SkyDrive
[2012/05/12 20:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/05/12 17:53:54 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{FD59226C-3768-45F4-8AB4-CFD96C3A0F80}
[2012/05/12 17:53:42 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{37E97F5D-6A63-47B0-AC3D-8FFA5ECDD3A6}
[2012/05/12 12:37:11 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{BF2E5C64-8A2D-4FB6-AD4C-DBA13530C7B3}
[2012/05/12 12:36:57 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{1CF4593F-49D6-414D-A0BF-2F89E717CA1C}
[2012/05/12 08:12:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{79E9A468-1078-40FD-ACFB-09623B0E9982}
[2012/05/12 08:12:14 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{47BBD7FE-743B-4E60-87F6-D4D4C64EF876}
[2012/05/11 18:54:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{53D5CDF0-ACBF-4E4E-ACC8-F55E3F97FFE9}
[2012/05/11 18:54:16 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{CC18CA34-0D9B-4D35-9B05-0C633E33B92F}
[2012/05/11 17:50:12 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{8018244A-BE36-4E86-AD9E-617BCB417954}
[2012/05/11 17:50:01 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2AFFC383-3C53-4E8D-83B6-3ED95658A2B1}
[2012/05/11 12:38:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/11 12:38:47 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/11 12:38:46 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/11 12:38:44 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/11 12:38:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/11 12:38:43 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/11 12:38:43 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/11 12:38:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2012/06/08 20:44:03 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000UA.job
[2012/06/08 20:44:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000Core.job
[2012/06/08 15:52:57 | 000,139,084 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\three ladies recreated from O Brother How Art Thou.jpg
[2012/06/08 10:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/08 00:50:30 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 00:50:30 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 00:50:05 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/08 00:50:05 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/08 00:47:39 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/06/08 00:44:32 | 2414,579,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 03:26:32 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/01 02:04:09 | 000,606,305 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky11111111111.jpg
[2012/06/01 01:26:29 | 002,237,923 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\21-Smoke-Brush.zip
[2012/05/30 23:50:18 | 000,057,924 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\576320_3747492497617_1585458359_2883358_1341344057_n.jpg
[2012/05/30 23:49:24 | 000,011,918 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\My Little Boy Yesterday.jpg
[2012/05/30 19:17:02 | 002,696,714 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Colorful hair and water.psb
[2012/05/26 21:09:23 | 000,065,536 | ---- | M] () -- C:\Windows\IFinst27.exe
[2012/05/26 20:25:08 | 000,001,328 | ---- | M] () -- C:\Users\SeizeTheMemories\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/26 20:25:08 | 000,001,304 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/05/23 21:03:16 | 070,854,959 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Purple Clouds With C and C. 7759.psd
[2012/05/23 21:01:29 | 001,320,891 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Christian Dipping Caitlyn.JPG
[2012/05/23 20:41:31 | 000,206,642 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet2.pdf
[2012/05/22 20:51:11 | 000,175,307 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet1.pdf
[2012/05/19 23:53:36 | 000,001,085 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Hugin.lnk
[2012/05/18 22:35:20 | 000,104,229 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\cloud-1600-7.jpg
[2012/05/17 20:44:52 | 000,001,352 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/05/16 23:32:22 | 000,869,475 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky.jpg
[2012/05/15 06:30:32 | 012,219,705 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7868.psd
[2012/05/15 06:29:00 | 000,086,745 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\clouds-in-blue-sky3.jpg
[2012/05/15 06:28:42 | 075,995,755 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7002.psd
[2012/05/14 19:28:57 | 000,033,684 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\behind my ear dreamcatcher.jpg
[2012/05/13 18:52:49 | 000,033,699 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\523063_298296296906755_285837751485943_657287_1423243914_n.jpg
[2012/05/12 19:22:20 | 000,027,568 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\6014_1180300110806_1327282452_30504109_4342835_n.jpg
[2012/05/12 12:21:55 | 003,984,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 02:10:17 | 000,011,264 | -H-- | M] () -- C:\Users\SeizeTheMemories\Desktop\photothumb.db
[2012/05/10 14:49:08 | 000,292,072 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2012/06/08 15:52:53 | 000,139,084 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\three ladies recreated from O Brother How Art Thou.jpg
[2012/06/01 03:26:32 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/01 02:04:00 | 000,606,305 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky11111111111.jpg
[2012/06/01 01:46:13 | 002,237,923 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\21-Smoke-Brush.zip
[2012/05/30 23:50:17 | 000,057,924 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\576320_3747492497617_1585458359_2883358_1341344057_n.jpg
[2012/05/30 23:49:20 | 000,011,918 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\My Little Boy Yesterday.jpg
[2012/05/30 19:17:01 | 002,696,714 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Colorful hair and water.psb
[2012/05/26 20:25:08 | 000,001,304 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/05/23 21:03:15 | 070,854,959 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Purple Clouds With C and C. 7759.psd
[2012/05/23 21:01:28 | 001,320,891 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Christian Dipping Caitlyn.JPG
[2012/05/23 20:41:31 | 000,206,642 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet2.pdf
[2012/05/22 20:51:11 | 000,175,307 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet1.pdf
[2012/05/19 23:53:36 | 000,001,085 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Hugin.lnk
[2012/05/16 23:06:22 | 000,104,229 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\cloud-1600-7.jpg
[2012/05/15 14:19:33 | 000,869,475 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky.jpg
[2012/05/15 06:30:27 | 012,219,705 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7868.psd
[2012/05/15 06:28:37 | 075,995,755 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7002.psd
[2012/05/14 20:15:58 | 000,086,745 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\clouds-in-blue-sky3.jpg
[2012/05/14 19:28:54 | 000,033,684 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\behind my ear dreamcatcher.jpg
[2012/05/13 18:52:48 | 000,033,699 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\523063_298296296906755_285837751485943_657287_1423243914_n.jpg
[2012/05/12 20:25:31 | 000,002,214 | ---- | C] () -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/05/12 19:22:19 | 000,027,568 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\6014_1180300110806_1327282452_30504109_4342835_n.jpg
[2012/04/30 07:33:13 | 000,004,608 | ---- | C] () -- C:\Users\SeizeTheMemories\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/30 07:32:07 | 000,000,088 | RHS- | C] () -- C:\ProgramData\64C0A37F4F.sys
[2012/04/30 07:32:06 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/03/20 08:28:07 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/03/11 07:40:29 | 000,890,953 | ---- | C] () -- C:\Windows\Spr.ini
[2012/01/30 21:19:37 | 000,301,564 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/12/27 14:47:49 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/27 14:33:33 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/12/21 05:44:03 | 017,955,274 | ---- | C] () -- C:\Program Files\Oh So Posh Freebies.zip
[2011/12/13 21:51:20 | 000,292,072 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/09 13:38:23 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/09/09 02:58:03 | 001,731,104 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011/09/09 02:58:03 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011/09/09 02:58:03 | 001,514,016 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011/09/09 02:58:03 | 001,108,512 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011/09/09 02:58:03 | 000,473,632 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011/09/09 02:58:03 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011/09/09 02:58:03 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== LOP Check ==========

[2011/11/28 12:43:40 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Alien Skin
[2011/09/10 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Anthropics
[2012/06/01 04:12:08 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Auto FX Software
[2011/09/09 03:55:01 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\AVG10
[2011/09/11 03:59:32 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Canon
[2012/04/27 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/30 23:02:26 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\CheckPoint
[2011/12/22 20:19:59 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/10/15 00:48:14 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/29 09:33:24 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Digital Support
[2011/09/09 11:02:58 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\GlarySoft
[2011/10/30 13:03:58 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\HDRsoft
[2011/11/26 03:11:16 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Imagenomic
[2012/02/08 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\IObit
[2012/02/08 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Media Get LLC
[2011/11/26 23:17:42 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\NeatImage SL
[2011/12/15 15:33:50 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Nolo
[2011/09/09 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PCDr
[2011/12/20 05:55:11 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PDAppFlex
[2012/05/11 02:20:59 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PhotoScape
[2011/09/09 03:55:12 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PwrMgr
[2012/01/30 21:21:21 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\QuickScan
[2011/09/11 02:30:56 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/27 18:55:52 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\SumatraPDF
[2012/02/16 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\theimagingfactory
[2012/02/08 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Totally Rad Dirty Pictures
[2012/04/30 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Ulead Systems
[2011/09/09 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Update
[2011/12/06 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Windows Live Writer
[2012/06/08 20:44:02 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000Core.job
[2012/06/08 20:44:03 | 000,000,972 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000UA.job
[2012/06/08 00:47:39 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/31 19:32:50 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/03/11 06:54:12 | 000,047,082 | ---- | M] () -- C:\AutoEyeuninstal.log
[2012/02/08 22:02:58 | 000,013,098 | ---- | M] () -- C:\bdlog.txt
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/09/09 02:36:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/07/26 12:46:03 | 000,002,880 | ---- | M] () -- C:\dleacomx.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2006/07/28 10:32:44 | 000,007,005 | ---- | M] () -- C:\Eula.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/08 00:44:32 | 2414,579,712 | -HS- | M] () -- C:\hiberfil.sys
[
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Fri Jun 08, 2012 9:07 pm

You've posted the logs as one post. I did ask you not to do this, and as a result they've been cut short by the forum post size limiter.

Please post each log separately so that I can see them all.

You may need to post the OTL.txt log in sections if it won't fit in one post.
_________________
Gary R Administrator at Malware Removal University



eldoncooper
Junior Member


Joined: 27 Dec 2011
Last Visit: 24 Oct 2012
Posts: 23

Posted: Sat Jun 09, 2012 9:59 am    Post subject: TDSS

23:31:37.0193 8856 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:31:37.0807 8856 ============================================================
23:31:37.0807 8856 Current date / time: 2012/06/08 23:31:37.0807
23:31:37.0807 8856 SystemInfo:
23:31:37.0807 8856
23:31:37.0807 8856 OS Version: 6.1.7600 ServicePack: 0.0
23:31:37.0807 8856 Product type: Workstation
23:31:37.0808 8856 ComputerName: SEIZETHEMEMOR
23:31:37.0808 8856 UserName: SeizeTheMemories
23:31:37.0808 8856 Windows directory: C:\Windows
23:31:37.0808 8856 System windows directory: C:\Windows
23:31:37.0808 8856 Processor architecture: Intel x86
23:31:37.0808 8856 Number of processors: 2
23:31:37.0808 8856 Page size: 0x1000
23:31:37.0808 8856 Boot type: Normal boot
23:31:37.0808 8856 ============================================================
23:31:38.0829 8856 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
23:31:38.0832 8856 ============================================================
23:31:38.0832 8856 \Device\Harddisk0\DR0:
23:31:38.0833 8856 MBR partitions:
23:31:38.0833 8856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
23:31:38.0833 8856 ============================================================
23:31:38.0865 8856 C: <-> \Device\Harddisk0\DR0\Partition0
23:31:38.0865 8856 ============================================================
23:31:38.0865 8856 Initialize success
23:31:38.0865 8856 ============================================================
23:32:24.0317 10052 ============================================================
23:32:24.0317 10052 Scan started
23:32:24.0317 10052 Mode: Manual; TDLFS;
23:32:24.0317 10052 ============================================================
23:32:24.0992 10052 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:32:24.0997 10052 1394ohci - ok
23:32:25.0069 10052 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
23:32:25.0078 10052 ACPI - ok
23:32:25.0110 10052 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
23:32:25.0112 10052 AcpiPmi - ok
23:32:25.0169 10052 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
23:32:25.0186 10052 ADIHdAudAddService - ok
23:32:25.0318 10052 AdobeActiveFileMonitor10.0 (c245e08ec469a52a622efdc9787a0dcc) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
23:32:25.0328 10052 AdobeActiveFileMonitor10.0 - ok
23:32:25.0388 10052 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:32:25.0406 10052 adp94xx - ok
23:32:25.0444 10052 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:32:25.0458 10052 adpahci - ok
23:32:25.0481 10052 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:32:25.0485 10052 adpu320 - ok
23:32:25.0519 10052 AEADIFilters (4dc6b0772d1698f04fc79053a21c8260) C:\Windows\system32\AEADISRV.EXE
23:32:25.0523 10052 AEADIFilters - ok
23:32:25.0554 10052 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:32:25.0557 10052 AeLookupSvc - ok
23:32:25.0621 10052 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
23:32:25.0635 10052 AFD - ok
23:32:25.0659 10052 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
23:32:25.0662 10052 agp440 - ok
23:32:25.0694 10052 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:32:25.0697 10052 aic78xx - ok
23:32:25.0735 10052 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:32:25.0738 10052 ALG - ok
23:32:25.0758 10052 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
23:32:25.0760 10052 aliide - ok
23:32:25.0776 10052 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
23:32:25.0779 10052 amdagp - ok
23:32:25.0795 10052 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
23:32:25.0797 10052 amdide - ok
23:32:25.0806 10052 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:32:25.0808 10052 AmdK8 - ok
23:32:25.0826 10052 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:32:25.0829 10052 AmdPPM - ok
23:32:25.0859 10052 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
23:32:25.0862 10052 amdsata - ok
23:32:25.0886 10052 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:32:25.0891 10052 amdsbs - ok
23:32:25.0909 10052 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
23:32:25.0911 10052 amdxata - ok
23:32:25.0969 10052 AMPPAL (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\AMPPAL.sys
23:32:25.0985 10052 AMPPAL - ok
23:32:25.0999 10052 AMPPALP (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\amppal.sys
23:32:26.0002 10052 AMPPALP - ok
23:32:26.0117 10052 AMPPALR3 (ef4022e9c59b20438c1304424d9441f4) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
23:32:26.0167 10052 AMPPALR3 - ok
23:32:26.0201 10052 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
23:32:26.0204 10052 AppID - ok
23:32:26.0245 10052 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:32:26.0248 10052 AppIDSvc - ok
23:32:26.0299 10052 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
23:32:26.0302 10052 Appinfo - ok
23:32:26.0374 10052 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:32:26.0377 10052 Apple Mobile Device - ok
23:32:26.0419 10052 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
23:32:26.0424 10052 AppMgmt - ok
23:32:26.0461 10052 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:32:26.0464 10052 arc - ok
23:32:26.0488 10052 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:32:26.0492 10052 arcsas - ok
23:32:26.0576 10052 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:32:26.0578 10052 aspnet_state - ok
23:32:26.0611 10052 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
23:32:26.0614 10052 aswFsBlk - ok
23:32:26.0642 10052 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
23:32:26.0645 10052 aswMonFlt - ok
23:32:26.0656 10052 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
23:32:26.0659 10052 aswRdr - ok
23:32:26.0700 10052 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
23:32:26.0717 10052 aswSnx - ok
23:32:26.0749 10052 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
23:32:26.0763 10052 aswSP - ok
23:32:26.0774 10052 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
23:32:26.0777 10052 aswTdi - ok
23:32:26.0793 10052 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:32:26.0795 10052 AsyncMac - ok
23:32:26.0832 10052 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
23:32:26.0834 10052 atapi - ok
23:32:26.0885 10052 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
23:32:26.0910 10052 AudioEndpointBuilder - ok
23:32:26.0917 10052 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
23:32:26.0921 10052 Audiosrv - ok
23:32:26.0985 10052 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:32:26.0986 10052 avast! Antivirus - ok
23:32:27.0022 10052 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
23:32:27.0026 10052 AxInstSV - ok
23:32:27.0077 10052 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:32:27.0095 10052 b06bdrv - ok
23:32:27.0137 10052 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:32:27.0151 10052 b57nd60x - ok
23:32:27.0176 10052 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:32:27.0180 10052 BDESVC - ok
23:32:27.0190 10052 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:32:27.0193 10052 Beep - ok
23:32:27.0264 10052 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
23:32:27.0288 10052 BFE - ok
23:32:27.0352 10052 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
23:32:27.0381 10052 BITS - ok
23:32:27.0394 10052 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:32:27.0396 10052 blbdrive - ok
23:32:27.0489 10052 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:32:27.0506 10052 Bonjour Service - ok
23:32:27.0543 10052 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
23:32:27.0546 10052 bowser - ok
23:32:27.0571 10052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:32:27.0573 10052 BrFiltLo - ok
23:32:27.0584 10052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:32:27.0586 10052 BrFiltUp - ok
23:32:27.0616 10052 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
23:32:27.0620 10052 Browser - ok
23:32:27.0652 10052 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:32:27.0667 10052 Brserid - ok
23:32:27.0687 10052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:32:27.0690 10052 BrSerWdm - ok
23:32:27.0706 10052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:32:27.0708 10052 BrUsbMdm - ok
23:32:27.0725 10052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:32:27.0727 10052 BrUsbSer - ok
23:32:27.0777 10052 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
23:32:27.0780 10052 BthEnum - ok
23:32:27.0801 10052 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:32:27.0804 10052 BTHMODEM - ok
23:32:27.0850 10052 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
23:32:27.0854 10052 BthPan - ok
23:32:27.0885 10052 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
23:32:27.0899 10052 BTHPORT - ok
23:32:27.0941 10052 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:32:27.0945 10052 bthserv - ok
23:32:28.0008 10052 BTHSSecurityMgr (8893814133afdd17431e2682ede2dce9) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
23:32:28.0012 10052 BTHSSecurityMgr - ok
23:32:28.0027 10052 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
23:32:28.0030 10052 BTHUSB - ok
23:32:28.0041 10052 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
23:32:28.0045 10052 btusbflt - ok
23:32:28.0105 10052 BTWAMPFL (8e8fab65326c4f35ffe2026cb3be396d) C:\Windows\system32\DRIVERS\btwampfl.sys
23:32:28.0118 10052 BTWAMPFL - ok
23:32:28.0140 10052 btwaudio (b25f9c5219d6f153066d1503110330e4) C:\Windows\system32\drivers\btwaudio.sys
23:32:28.0144 10052 btwaudio - ok
23:32:28.0160 10052 btwavdt (9d4a35cef4d539008ea4226e33a700de) C:\Windows\system32\DRIVERS\btwavdt.sys
23:32:28.0165 10052 btwavdt - ok
23:32:28.0177 10052 BTWDPAN (b5bb5531f92234db3602b60819de3158) C:\Windows\system32\DRIVERS\btwdpan.sys
23:32:28.0181 10052 BTWDPAN - ok
23:32:28.0193 10052 btwl2cap (80ee715e92364861262b75c84b2654ce) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:32:28.0196 10052 btwl2cap - ok
23:32:28.0214 10052 btwrchid (b1f85b4985a6419e3fcddcb251547130) C:\Windows\system32\DRIVERS\btwrchid.sys
23:32:28.0217 10052 btwrchid - ok
23:32:28.0248 10052 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:32:28.0252 10052 cdfs - ok
23:32:28.0281 10052 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
23:32:28.0285 10052 cdrom - ok
23:32:28.0317 10052 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
23:32:28.0321 10052 CertPropSvc - ok
23:32:28.0341 10052 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:32:28.0344 10052 circlass - ok
23:32:28.0374 10052 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:32:28.0390 10052 CLFS - ok
23:32:28.0458 10052 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:32:28.0461 10052 clr_optimization_v2.0.50727_32 - ok
23:32:28.0507 10052 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:32:28.0512 10052 clr_optimization_v4.0.30319_32 - ok
23:32:28.0521 10052 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:32:28.0524 10052 CmBatt - ok
23:32:28.0537 10052 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
23:32:28.0540 10052 cmdide - ok
23:32:28.0583 10052 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
23:32:28.0594 10052 CNG - ok
23:32:28.0616 10052 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:32:28.0618 10052 Compbatt - ok
23:32:28.0636 10052 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:32:28.0639 10052 CompositeBus - ok
23:32:28.0649 10052 COMSysApp - ok
23:32:28.0670 10052 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:32:28.0672 10052 crcdisk - ok
23:32:28.0730 10052 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
23:32:28.0736 10052 CryptSvc - ok
23:32:28.0778 10052 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
23:32:28.0796 10052 CSC - ok
23:32:28.0828 10052 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
23:32:28.0843 10052 CscService - ok
23:32:28.0896 10052 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
23:32:28.0903 10052 DcomLaunch - ok
23:32:28.0936 10052 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:32:28.0952 10052 defragsvc - ok
23:32:29.0071 10052 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
23:32:29.0075 10052 DfsC - ok
23:32:29.0108 10052 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
23:32:29.0124 10052 Dhcp - ok
23:32:29.0143 10052 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:32:29.0145 10052 discache - ok
23:32:29.0173 10052 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:32:29.0176 10052 Disk - ok
23:32:29.0219 10052 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
23:32:29.0224 10052 Dnscache - ok
23:32:29.0249 10052 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
23:32:29.0264 10052 dot3svc - ok
23:32:29.0289 10052 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
23:32:29.0295 10052 DPS - ok
23:32:29.0327 10052 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:32:29.0329 10052 drmkaud - ok
23:32:29.0399 10052 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
23:32:29.0439 10052 DXGKrnl - ok
23:32:29.0484 10052 e1express (339cbffbbc29580dbc3b235f2fb74f74) C:\Windows\system32\DRIVERS\e1e6232.sys
23:32:29.0498 10052 e1express - ok
23:32:29.0518 10052 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:32:29.0523 10052 EapHost - ok
23:32:29.0704 10052 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:32:29.0785 10052 ebdrv - ok
23:32:29.0888 10052 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
23:32:29.0893 10052 EFS - ok
23:32:29.0967 10052 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
23:32:30.0006 10052 ehRecvr - ok
23:32:30.0030 10052 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
23:32:30.0034 10052 ehSched - ok
23:32:30.0090 10052 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:32:30.0107 10052 elxstor - ok
23:32:30.0124 10052 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
23:32:30.0127 10052 ErrDev - ok
23:32:30.0182 10052 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:32:30.0197 10052 EventSystem - ok
23:32:30.0306 10052 EvtEng (b6c691d8cae275ed9b2782e62626f36a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:32:30.0336 10052 EvtEng - ok
23:32:30.0358 10052 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:32:30.0363 10052 exfat - ok
23:32:30.0384 10052 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:32:30.0389 10052 fastfat - ok
23:32:30.0435 10052 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
23:32:30.0475 10052 Fax - ok
23:32:30.0501 10052 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:32:30.0503 10052 fdc - ok
23:32:30.0524 10052 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:32:30.0528 10052 fdPHost - ok
23:32:30.0540 10052 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:32:30.0545 10052 FDResPub - ok
23:32:30.0556 10052 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:32:30.0559 10052 FileInfo - ok
23:32:30.0572 10052 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:32:30.0575 10052 Filetrace - ok
23:32:30.0664 10052 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:32:30.0707 10052 FLEXnet Licensing Service - ok
23:32:30.0736 10052 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:32:30.0739 10052 flpydisk - ok
23:32:30.0774 10052 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:32:30.0783 10052 FltMgr - ok
23:32:30.0842 10052 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
23:32:30.0887 10052 FontCache - ok
23:32:30.0958 10052 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:32:30.0961 10052 FontCache3.0.0.0 - ok
23:32:30.0978 10052 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:32:30.0981 10052 FsDepends - ok
23:32:31.0011 10052 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
23:32:31.0014 10052 fssfltr - ok
23:32:31.0134 10052 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:32:31.0190 10052 fsssvc - ok
23:32:31.0328 10052 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
23:32:31.0332 10052 Fs_Rec - ok
23:32:31.0392 10052 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
23:32:31.0401 10052 fvevol - ok
23:32:31.0442 10052 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:32:31.0445 10052 gagp30kx - ok
23:32:31.0487 10052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:32:31.0490 10052 GEARAspiWDM - ok
23:32:31.0543 10052 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
23:32:31.0564 10052 gpsvc - ok
23:32:31.0582 10052 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:32:31.0584 10052 hcw85cir - ok
23:32:31.0631 10052 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:32:31.0645 10052 HdAudAddService - ok
23:32:31.0670 10052 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:32:31.0674 10052 HDAudBus - ok
23:32:31.0689 10052 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:32:31.0691 10052 HidBatt - ok
23:32:31.0711 10052 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:32:31.0715 10052 HidBth - ok
23:32:31.0732 10052 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:32:31.0735 10052 HidIr - ok
23:32:31.0754 10052 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
23:32:31.0758 10052 hidserv - ok
23:32:31.0790 10052 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:32:31.0793 10052 HidUsb - ok
23:32:31.0858 10052 hitmanpro35 (411bce825fca2b296ff89b833de11321) C:\Windows\system32\drivers\hitmanpro36.sys
23:32:31.0861 10052 hitmanpro35 - ok
23:32:31.0886 10052 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
23:32:31.0892 10052 hkmsvc - ok
23:32:31.0913 10052 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
23:32:31.0928 10052 HomeGroupListener - ok
23:32:31.0962 10052 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
23:32:31.0978 10052 HomeGroupProvider - ok
23:32:32.0011 10052 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:32:32.0015 10052 HpSAMD - ok
23:32:32.0038 10052 HSF_DPV - ok
23:32:32.0043 10052 HSXHWAZL - ok
23:32:32.0096 10052 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:32:32.0111 10052 HTTP - ok
23:32:32.0125 10052 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:32:32.0128 10052 hwpolicy - ok
23:32:32.0182 10052 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:32:32.0186 10052 i8042prt - ok
23:32:32.0230 10052 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys
23:32:32.0233 10052 iaStor - ok
23:32:32.0300 10052 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:32:32.0302 10052 IAStorDataMgrSvc - ok
23:32:32.0357 10052 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
23:32:32.0371 10052 iaStorV - ok
23:32:32.0420 10052 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
23:32:32.0423 10052 IBMPMDRV - ok
23:32:32.0460 10052 IBMPMSVC (5565982522ee9d4e8921feb304d4226f) C:\Windows\system32\ibmpmsvc.exe
23:32:32.0465 10052 IBMPMSVC - ok
23:32:32.0562 10052 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:32:32.0599 10052 idsvc - ok
23:32:32.0644 10052 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:32:32.0647 10052 iirsp - ok
23:32:32.0703 10052 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
23:32:32.0728 10052 IKEEXT - ok
23:32:32.0752 10052 Intel(R) PROSet Monitoring Service (f2c6fb081b707863a0a21d639f325475) C:\Windows\system32\IProsetMonitor.exe
23:32:32.0757 10052 Intel(R) PROSet Monitoring Service - ok
23:32:32.0777 10052 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:32:32.0779 10052 intelide - ok
23:32:32.0824 10052 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:32:32.0826 10052 intelppm - ok
23:32:32.0840 10052 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:32:32.0845 10052 IPBusEnum - ok
23:32:32.0868 10052 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:32:32.0871 10052 IpFilterDriver - ok
23:32:32.0888 10052 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:32:32.0892 10052 IPMIDRV - ok
23:32:32.0912 10052 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:32:32.0916 10052 IPNAT - ok
23:32:33.0019 10052 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
23:32:33.0041 10052 iPod Service - ok
23:32:33.0047 10052 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:32:33.0049 10052 IRENUM - ok
23:32:33.0073 10052 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:32:33.0076 10052 isapnp - ok
23:32:33.0103 10052 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:32:33.0113 10052 iScsiPrt - ok
23:32:33.0136 10052 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:32:33.0139 10052 kbdclass - ok
23:32:33.0170 10052 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
23:32:33.0173 10052 kbdhid - ok
23:32:33.0205 10052 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:32:33.0208 10052 KeyIso - ok
23:32:33.0235 10052 KMService (4635935fc972c582632bf45c26bfcb0e) C:\Windows\system32\srvany.exe
23:32:33.0242 10052 KMService - ok
23:32:33.0254 10052 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
23:32:33.0258 10052 KSecDD - ok
23:32:33.0278 10052 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
23:32:33.0282 10052 KSecPkg - ok
23:32:33.0324 10052 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:32:33.0343 10052 KtmRm - ok
23:32:33.0381 10052 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
23:32:33.0399 10052 LanmanServer - ok
23:32:33.0428 10052 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
23:32:33.0441 10052 LanmanWorkstation - ok
23:32:33.0473 10052 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:32:33.0476 10052 lltdio - ok
23:32:33.0500 10052 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:32:33.0515 10052 lltdsvc - ok
23:32:33.0533 10052 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:32:33.0538 10052 lmhosts - ok
23:32:33.0573 10052 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:32:33.0577 10052 LSI_FC - ok
23:32:33.0596 10052 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:32:33.0600 10052 LSI_SAS - ok
23:32:33.0619 10052 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:32:33.0622 10052 LSI_SAS2 - ok
23:32:33.0642 10052 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:32:33.0645 10052 LSI_SCSI - ok
23:32:33.0670 10052 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:32:33.0674 10052 luafv - ok
23:32:33.0699 10052 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
23:32:33.0706 10052 Mcx2Svc - ok
23:32:33.0723 10052 mdmxsdk - ok
23:32:33.0742 10052 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:32:33.0745 10052 megasas - ok
23:32:33.0772 10052 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:32:33.0788 10052 MegaSR - ok
23:32:33.0862 10052 Microsoft SharePoint Workspace Audit Service - ok
23:32:33.0891 10052 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:32:33.0896 10052 MMCSS - ok
23:32:33.0908 10052 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:32:33.0910 10052 Modem - ok
23:32:33.0938 10052 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:32:33.0941 10052 monitor - ok
23:32:33.0969 10052 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:32:33.0972 10052 mouclass - ok
23:32:34.0004 10052 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:32:34.0007 10052 mouhid - ok
23:32:34.0032 10052 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
23:32:34.0035 10052 mountmgr - ok
23:32:34.0090 10052 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:32:34.0094 10052 MozillaMaintenance - ok
23:32:34.0118 10052 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
23:32:34.0122 10052 mpio - ok
23:32:34.0140 10052 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:32:34.0143 10052 mpsdrv - ok
23:32:34.0211 10052 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
23:32:34.0256 10052 MpsSvc - ok
23:32:34.0295 10052 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
23:32:34.0305 10052 MRxDAV - ok
23:32:34.0362 10052 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:32:34.0366 10052 mrxsmb - ok
23:32:34.0392 10052 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:32:34.0406 10052 mrxsmb10 - ok
23:32:34.0488 10052 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:32:34.0491 10052 mrxsmb20 - ok
23:32:34.0504 10052 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
23:32:34.0506 10052 msahci - ok
23:32:34.0520 10052 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
23:32:34.0523 10052 msdsm - ok
23:32:34.0553 10052 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:32:34.0560 10052 MSDTC - ok
23:32:34.0608 10052 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:32:34.0611 10052 Msfs - ok
23:32:34.0618 10052 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:32:34.0621 10052 mshidkmdf - ok
23:32:34.0634 10052 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
23:32:34.0637 10052 msisadrv - ok
23:32:34.0670 10052 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:32:34.0676 10052 MSiSCSI - ok
23:32:34.0680 10052 msiserver - ok
23:32:34.0704 10052 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:32:34.0708 10052 MSKSSRV - ok
23:32:34.0736 10052 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:32:34.0739 10052 MSPCLOCK - ok
23:32:34.0752 10052 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:32:34.0755 10052 MSPQM - ok
23:32:34.0781 10052 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:32:34.0786 10052 MsRPC - ok
23:32:34.0801 10052 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
23:32:34.0804 10052 mssmbios - ok
23:32:34.0820 10052 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:32:34.0822 10052 MSTEE - ok
23:32:34.0838 10052 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:32:34.0841 10052 MTConfig - ok
23:32:34.0861 10052 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:32:34.0864 10052 Mup - ok
23:32:34.0904 10052 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
23:32:34.0926 10052 napagent - ok
23:32:34.0964 10052 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:32:34.0980 10052 NativeWifiP - ok
23:32:35.0095 10052 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
23:32:35.0108 10052 NDIS - ok
23:32:35.0147 10052 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:32:35.0150 10052 NdisCap - ok
23:32:35.0180 10052 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:32:35.0182 10052 NdisTapi - ok
23:32:35.0197 10052 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
23:32:35.0200 10052 Ndisuio - ok
23:32:35.0215 10052 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
23:32:35.0219 10052 NdisWan - ok
23:32:35.0227 10052 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
23:32:35.0229 10052 NDProxy - ok
23:32:35.0247 10052 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:32:35.0250 10052 NetBIOS - ok
23:32:35.0271 10052 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
23:32:35.0286 10052 NetBT - ok
23:32:35.0309 10052 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:32:35.0312 10052 Netlogon - ok
23:32:35.0358 10052 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:32:35.0374 10052 Netman - ok
23:32:35.0461 10052 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:32:35.0466 10052 NetMsmqActivator - ok
23:32:35.0471 10052 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:32:35.0473 10052 NetPipeActivator - ok
23:32:35.0524 10052 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:32:35.0544 10052 netprofm - ok
23:32:35.0548 10052 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:32:35.0550 10052 NetTcpActivator - ok
23:32:35.0555 10052 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:32:35.0557 10052 NetTcpPortSharing - ok
23:32:35.0798 10052 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
23:32:35.0905 10052 netw5v32 - ok
23:32:36.0361 10052 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
23:32:36.0483 10052 NETwLv32 - ok
23:32:36.0590 10052 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:32:36.0593 10052 nfrd960 - ok
23:32:36.0628 10052 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
23:32:36.0644 10052 NlaSvc - ok
23:32:36.0707 10052 nlsX86cc (538b8ee581ecf4bff4fcba030df70505) C:\Windows\system32\nlssrv32.exe
23:32:36.0713 10052 nlsX86cc - ok
23:32:36.0730 10052 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:32:36.0732 10052 Npfs - ok
23:32:36.0743 10052 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:32:36.0748 10052 nsi - ok
23:32:36.0756 10052 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:32:36.0759 10052 nsiproxy - ok
23:32:36.0862 10052 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
23:32:36.0892 10052 Ntfs - ok
23:32:36.0905 10052 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:32:36.0908 10052 Null - ok
23:32:37.0172 10052 NVIDIA Performance Driver Service (6cb78ee92a95a534e418c7153ef3b1f8) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
23:32:37.0245 10052 NVIDIA Performance Driver Service - ok
23:32:37.0848 10052 nvlddmkm (4a6688bf47940cdc1475772b235c6323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:32:38.0011 10052 nvlddmkm - ok
23:32:38.0111 10052 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
23:32:38.0114 10052 nvraid - ok
23:32:38.0131 10052 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
23:32:38.0135 10052 nvstor - ok
23:32:38.0176 10052 nvsvc (bdf0a1c578cf6b018910e418cdbf7bd9) C:\Windows\system32\nvvsvc.exe
23:32:38.0193 10052 nvsvc - ok
23:32:38.0226 10052 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
23:32:38.0229 10052 nv_agp - ok
23:32:38.0242 10052 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
23:32:38.0245 10052 ohci1394 - ok
23:32:38.0320 10052 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:32:38.0325 10052 ose - ok
23:32:38.0605 10052 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:32:38.0688 10052 osppsvc - ok
23:32:38.0784 10052 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:32:38.0802 10052 p2pimsvc - ok
23:32:38.0835 10052 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:32:38.0855 10052 p2psvc - ok
23:32:38.0887 10052 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:32:38.0890 10052 Parport - ok
23:32:38.0928 10052 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
23:32:38.0932 10052 partmgr - ok
23:32:38.0951 10052 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:32:38.0954 10052 Parvdm - ok
23:32:38.0980 10052 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:32:38.0996 10052 PcaSvc - ok
23:32:39.0013 10052 PcdrNdisuio - ok
23:32:39.0040 10052 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
23:32:39.0045 10052 pci - ok
23:32:39.0064 10052 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
23:32:39.0067 10052 pciide - ok
23:32:39.0089 10052 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:32:39.0096 10052 pcmcia - ok
23:32:39.0115 10052 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:32:39.0118 10052 pcw - ok
23:32:39.0193 10052 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:32:39.0204 10052 PEAUTH - ok
23:32:39.0296 10052 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
23:32:39.0327 10052 PeerDistSvc - ok
23:32:39.0425 10052 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
23:32:39.0467 10052 pla - ok
23:32:39.0592 10052 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
23:32:39.0612 10052 PlugPlay - ok
23:32:39.0627 10052 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:32:39.0633 10052 PNRPAutoReg - ok
23:32:39.0660 10052 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:32:39.0666 10052 PNRPsvc - ok
23:32:39.0704 10052 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
23:32:39.0721 10052 PolicyAgent - ok
23:32:39.0757 10052 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
23:32:39.0775 10052 Power - ok
23:32:39.0811 10052 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:32:39.0814 10052 PptpMiniport - ok
23:32:39.0835 10052 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:32:39.0838 10052 Processor - ok
23:32:39.0878 10052 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
23:32:39.0895 10052 ProfSvc - ok
23:32:39.0921 10052 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:32:39.0925 10052 ProtectedStorage - ok
23:32:39.0954 10052 psadd (06f82545e04ebf113b1c2c1c9f766d81) C:\Windows\system32\DRIVERS\psadd.sys
23:32:39.0958 10052 psadd - ok
23:32:39.0975 10052 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:32:39.0980 10052 Psched - ok
23:32:40.0064 10052 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:32:40.0074 10052 PSI_SVC_2 - ok
23:32:40.0117 10052 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
23:32:40.0120 10052 PxHelp20 - ok
23:32:40.0220 10052 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:32:40.0274 10052 ql2300 - ok
23:32:40.0429 10052 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:32:40.0433 10052 ql40xx - ok
23:32:40.0464 10052 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:32:40.0480 10052 QWAVE - ok
23:32:40.0495 10052 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:32:40.0498 10052 QWAVEdrv - ok
23:32:40.0522 10052 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:32:40.0525 10052 RasAcd - ok
23:32:40.0557 10052 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:32:40.0560 10052 RasAgileVpn - ok
23:32:40.0586 10052 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:32:40.0593 10052 RasAuto - ok
23:32:40.0606 10052 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:32:40.0610 10052 Rasl2tp - ok
23:32:40.0643 10052 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
23:32:40.0664 10052 RasMan - ok
23:32:40.0682 10052 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:32:40.0686 10052 RasPppoe - ok
23:32:40.0706 10052 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:32:40.0710 10052 RasSstp - ok
23:32:40.0733 10052 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
23:32:40.0749 10052 rdbss - ok
23:32:40.0755 10052 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:32:40.0757 10052 rdpbus - ok
23:32:40.0773 10052 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:32:40.0776 10052 RDPCDD - ok
23:32:40.0813 10052 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
23:32:40.0818 10052 RDPDR - ok
23:32:40.0836 10052 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:32:40.0839 10052 RDPENCDD - ok
23:32:40.0846 10052 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:32:40.0848 10052 RDPREFMP - ok
23:32:40.0894 10052 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
23:32:40.0905 10052 RDPWD - ok
23:32:40.0927 10052 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
23:32:40.0935 10052 rdyboost - ok
23:32:41.0029 10052 RegSrvc (6c47ac711f5fb55c5387a85d50ab4703) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:32:41.0045 10052 RegSrvc - ok
23:32:41.0074 10052 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:32:41.0080 10052 RemoteAccess - ok
23:32:41.0105 10052 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:32:41.0117 10052 RemoteRegistry - ok
23:32:41.0170 10052 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
23:32:41.0173 10052 Revoflt - ok
23:32:41.0222 10052 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
23:32:41.0226 10052 RFCOMM - ok
23:32:41.0249 10052 rimmptsk (d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys
23:32:41.0252 10052 rimmptsk - ok
23:32:41.0274 10052 rimsptsk (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys
23:32:41.0278 10052 rimsptsk - ok
23:32:41.0300 10052 rismxdp (3f400c3ccd0818858602ddb37b5de719) C:\Windows\system32\DRIVERS\rixdptsk.sys
23:32:41.0304 10052 rismxdp - ok
23:32:41.0334 10052 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:32:41.0340 10052 RpcEptMapper - ok
23:32:41.0349 10052 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:32:41.0355 10052 RpcLocator - ok
23:32:41.0397 10052 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
23:32:41.0404 10052 RpcSs - ok
23:32:41.0440 10052 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:32:41.0444 10052 rspndr - ok
23:32:41.0470 10052 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
23:32:41.0473 10052 s3cap - ok
23:32:41.0506 10052 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:32:41.0509 10052 SamSs - ok
23:32:41.0543 10052 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
23:32:41.0547 10052 sbp2port - ok
23:32:41.0577 10052 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:32:41.0594 10052 SCardSvr - ok
23:32:41.0608 10052 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
23:32:41.0612 10052 scfilter - ok
23:32:41.0685 10052 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
23:32:41.0717 10052 Schedule - ok
23:32:41.0742 10052 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
23:32:41.0744 10052 SCPolicySvc - ok
23:32:41.0773 10052 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys
23:32:41.0777 10052 sdbus - ok
23:32:41.0809 10052 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
23:32:41.0826 10052 SDRSVC - ok
23:32:41.0843 10052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:32:41.0846 10052 secdrv - ok
23:32:41.0872 10052 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:32:41.0879 10052 seclogon - ok
23:32:41.0906 10052 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
23:32:41.0913 10052 SENS - ok
23:32:41.0982 10052 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
23:32:41.0988 10052 SensrSvc - ok
23:32:42.0020 10052 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:32:42.0022 10052 Serenum - ok
23:32:42.0041 10052 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:32:42.0044 10052 Serial - ok
23:32:42.0067 10052 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:32:42.0071 10052 sermouse - ok
23:32:42.0105 10052 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
23:32:42.0117 10052 SessionEnv - ok
23:32:42.0142 10052 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:32:42.0145 10052 sffdisk - ok
23:32:42.0156 10052 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:32:42.0159 10052 sffp_mmc - ok
23:32:42.0179 10052 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
23:32:42.0182 10052 sffp_sd - ok
23:32:42.0199 10052 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:32:42.0203 10052 sfloppy - ok
23:32:42.0246 10052 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:32:42.0261 10052 SharedAccess - ok
23:32:42.0325 10052 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
23:32:42.0341 10052 ShellHWDetection - ok
23:32:42.0362 10052 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
23:32:42.0366 10052 sisagp - ok
23:32:42.0383 10052 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:32:42.0386 10052 SiSRaid2 - ok
23:32:42.0408 10052 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:32:42.0411 10052 SiSRaid4 - ok
23:32:42.0473 10052 SmartDefragDriver (bf302072dc8374cf4e118fd88aa817a2) C:\Windows\system32\Drivers\SmartDefragDriver.sys
23:32:42.0477 10052 SmartDefragDriver - ok
23:32:42.0500 10052 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:32:42.0503 10052 Smb - ok
23:32:42.0545 10052 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:32:42.0552 10052 SNMPTRAP - ok
23:32:42.0564 10052 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:32:42.0567 10052 spldr - ok
23:32:42.0626 10052 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
23:32:42.0642 10052 Spooler - ok
23:32:42.0818 10052 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
23:32:42.0892 10052 sppsvc - ok
23:32:42.0994 10052 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
23:32:43.0002 10052 sppuinotify - ok
23:32:43.0036 10052 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
23:32:43.0050 10052 srv - ok
23:32:43.0078 10052 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
23:32:43.0092 10052 srv2 - ok
23:32:43.0129 10052 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:32:43.0144 10052 SrvHsfHDA - ok
23:32:43.0207 10052 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:32:43.0238 10052 SrvHsfV92 - ok
23:32:43.0287 10052 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:32:43.0316 10052 SrvHsfWinac - ok
23:32:43.0340 10052 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
23:32:43.0344 10052 srvnet - ok
23:32:43.0372 10052 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
23:32:43.0390 10052 SSDPSRV - ok
23:32:43.0401 10052 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
23:32:43.0415 10052 SstpSvc - ok
23:32:43.0443 10052 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:32:43.0445 10052 stexstor - ok
23:32:43.0496 10052 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
23:32:43.0530 10052 StiSvc - ok
23:32:43.0556 10052 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:32:43.0559 10052 storflt - ok
23:32:43.0577 10052 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
23:32:43.0581 10052 storvsc - ok
23:32:43.0599 10052 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
23:32:43.0601 10052 swenum - ok
23:32:43.0722 10052 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:32:43.0753 10052 SwitchBoard - ok
23:32:43.0806 10052 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:32:43.0819 10052 swprv - ok
23:32:43.0915 10052 SynTP (4a1917415a08fcd77dd6d6ed649d5e9d) C:\Windows\system32\DRIVERS\SynTP.sys
23:32:43.0953 10052 SynTP - ok
23:32:44.0107 10052 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
23:32:44.0149 10052 SysMain - ok
23:32:44.0165 10052 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
23:32:44.0173 10052 TabletInputService - ok
23:32:44.0203 10052 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
23:32:44.0212 10052 TapiSrv - ok
23:32:44.0251 10052 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:32:44.0259 10052 TBS - ok
23:32:44.0381 10052 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
23:32:44.0420 10052 Tcpip - ok
23:32:44.0441 10052 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
23:32:44.0450 10052 TCPIP6 - ok
23:32:44.0488 10052 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
23:32:44.0491 10052 tcpipreg - ok
23:32:44.0512 10052 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
23:32:44.0516 10052 TDPIPE - ok
23:32:44.0552 10052 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
23:32:44.0555 10052 TDTCP - ok
23:32:44.0593 10052 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
23:32:44.0596 10052 tdx - ok
23:32:44.0614 10052 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
23:32:44.0617 10052 TermDD - ok
23:32:44.0662 10052 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
23:32:44.0692 10052 TermService - ok
23:32:44.0707 10052 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:32:44.0714 10052 Themes - ok
23:32:44.0839 10052 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:32:44.0842 10052 THREADORDER - ok
23:32:44.0866 10052 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
23:32:44.0869 10052 TPM - ok
23:32:44.0884 10052 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:32:44.0897 10052 TrkWks - ok
23:32:44.0940 10052 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
23:32:44.0956 10052 TrustedInstaller - ok
23:32:44.0970 10052 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:32:44.0973 10052 tssecsrv - ok
23:32:44.0998 10052 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
23:32:45.0001 10052 tunnel - ok
23:32:45.0036 10052 TVTI2C (cac5d5979850c9ad41a88033013bc806) C:\Windows\system32\DRIVERS\Tvti2c.sys
23:32:45.0040 10052 TVTI2C - ok
23:32:45.0073 10052 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:32:45.0076 10052 uagp35 - ok
23:32:45.0104 10052 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
23:32:45.0121 10052 udfs - ok
23:32:45.0150 10052 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:32:45.0157 10052 UI0Detect - ok
23:32:45.0187 10052 UimBus (0a1822d12cf103633893caf9cae4e69d) C:\Windows\system32\DRIVERS\UimBus.sys
23:32:45.0191 10052 UimBus - ok
23:32:45.0228 10052 Uim_IM (42f7398a76d279e0f63fc600920ab90c) C:\Windows\system32\Drivers\Uim_IM.sys
23:32:45.0246 10052 Uim_IM - ok
23:32:45.0276 10052 Uim_Vim (48ad04132fcac71e0eec3de5fb22d66e) C:\Windows\system32\Drivers\Uim_Vim.sys
23:32:45.0291 10052 Uim_Vim - ok
23:32:45.0324 10052 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:32:45.0328 10052 uliagpkx - ok
23:32:45.0355 10052 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
23:32:45.0358 10052 umbus - ok
23:32:45.0375 10052 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:32:45.0378 10052 UmPass - ok
23:32:45.0415 10052 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
23:32:45.0436 10052 UmRdpService - ok
23:32:45.0478 10052 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:32:45.0499 10052 upnphost - ok
23:32:45.0528 10052 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
23:32:45.0532 10052 USBAAPL - ok
23:32:45.0561 10052 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
23:32:45.0566 10052 usbaudio - ok
23:32:45.0608 10052 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
23:32:45.0613 10052 usbccgp - ok
23:32:45.0649 10052 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
23:32:45.0653 10052 usbcir - ok
23:32:45.0678 10052 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
23:32:45.0682 10052 usbehci - ok
23:32:45.0716 10052 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
23:32:45.0731 10052 usbhub - ok
23:32:45.0744 10052 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
23:32:45.0747 10052 usbohci - ok
23:32:45.0767 10052 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:32:45.0770 10052 usbprint - ok
23:32:45.0797 10052 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:32:45.0802 10052 USBSTOR - ok
23:32:45.0814 10052 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
23:32:45.0817 10052 usbuhci - ok
23:32:45.0848 10052 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
23:32:45.0852 10052 usbvideo - ok
23:32:45.0882 10052 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:32:45.0890 10052 UxSms - ok
23:32:45.0908 10052 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:32:45.0912 10052 VaultSvc - ok
23:32:45.0929 10052 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:32:45.0932 10052 vdrvroot - ok
23:32:45.0970 10052 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
23:32:46.0004 10052 vds - ok
23:32:46.0023 10052 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:32:46.0025 10052 vga - ok
23:32:46.0050 10052 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:32:46.0054 10052 VgaSave - ok
23:32:46.0080 10052 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
23:32:46.0090 10052 vhdmp - ok
23:32:46.0130 10052 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
23:32:46.0133 10052 viaagp - ok
23:32:46.0152 10052 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:32:46.0156 10052 ViaC7 - ok
23:32:46.0169 10052 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
23:32:46.0173 10052 viaide - ok
23:32:46.0214 10052 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
23:32:46.0224 10052 vmbus - ok
23:32:46.0237 10052 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:32:46.0240 10052 VMBusHID - ok
23:32:46.0250 10052 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
23:32:46.0253 10052 volmgr - ok
23:32:46.0367 10052 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:32:46.0490 10052 volmgrx - ok
23:32:46.0520 10052 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
23:32:46.0536 10052 volsnap - ok
23:32:46.0564 10052 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:32:46.0569 10052 vsmraid - ok
23:32:46.0761 10052 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
23:32:46.0786 10052 VSS - ok
23:32:46.0797 10052 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
23:32:46.0800 10052 vwifibus - ok
23:32:46.0832 10052 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:32:46.0852 10052 W32Time - ok
23:32:46.0880 10052 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:32:46.0883 10052 WacomPen - ok
23:32:46.0912 10052 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:32:46.0916 10052 WANARP - ok
23:32:46.0919 10052 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:32:46.0921 10052 Wanarpv6 - ok
23:32:47.0025 10052 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
23:32:47.0058 10052 wbengine - ok
23:32:47.0081 10052 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:32:47.0099 10052 WbioSrvc - ok
23:32:47.0158 10052 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
23:32:47.0179 10052 wcncsvc - ok
23:32:47.0196 10052 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:32:47.0203 10052 WcsPlugInService - ok
23:32:47.0246 10052 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:32:47.0249 10052 Wd - ok
23:32:47.0290 10052 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:32:47.0307 10052 Wdf01000 - ok
23:32:47.0324 10052 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:32:47.0337 10052 WdiServiceHost - ok
23:32:47.0341 10052 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:32:47.0347 10052 WdiSystemHost - ok
23:32:47.0385 10052 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
23:32:47.0403 10052 WebClient - ok
23:32:47.0426 10052 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:32:47.0445 10052 Wecsvc - ok
23:32:47.0464 10052 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:32:47.0471 10052 wercplsupport - ok
23:32:47.0498 10052 WerSvc (08e420d873e4fd85241e
eldoncooper
Posted: Sat Jun 09, 2012 10:03 am

OTL logfile created on: 6/8/2012 9:59:18 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\SeizeTheMemories\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 29.62% Memory free
5.99 Gb Paging File | 2.54 Gb Available in Paging File | 42.34% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 112.84 Gb Free Space | 37.86% Space Free | Partition Type: NTFS
Drive D: | 160.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 732.42 Gb Total Space | 58.60 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive Y: | 732.42 Gb Total Space | 58.60 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 197.47 Gb Free Space | 42.41% Space Free | Partition Type: NTFS

Computer Name: SEIZETHEMEMOR | User Name: SeizeTheMemories | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 21:55:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SeizeTheMemories\Downloads\OTL(1).exe
PRC - [2012/06/07 03:02:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/17 14:45:32 | 000,200,704 | ---- | M] (Facebook) -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/12/04 22:02:34 | 002,016,640 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\lightroom.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/03 19:36:20 | 000,302,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/08 08:39:14 | 000,948,736 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011/07/27 21:41:08 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/07/27 21:22:30 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/03 13:51:40 | 000,102,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2011/03/18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 02:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/09/22 04:05:22 | 000,110,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/18 05:58:28 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009/07/20 02:55:50 | 004,446,752 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/07 03:02:05 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/12 12:26:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1308b3b2c033226ddd613752a37e3272\IAStorCommon.ni.dll
MOD - [2012/05/12 12:26:00 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d59182e98ef565ae60ca79643f38c798\IAStorUtil.ni.dll
MOD - [2012/05/12 12:23:43 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/12 12:23:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 12:23:34 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/12 12:23:08 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/12 12:23:01 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/12 12:22:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012/05/12 12:22:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/12 12:22:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/12 12:22:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/12 12:22:36 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/12 12:22:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/11 14:47:16 | 000,449,024 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.dll
MOD - [2012/05/11 14:47:16 | 000,275,456 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\CefSharp.WinForms.dll
MOD - [2012/05/06 18:16:58 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/25 15:21:18 | 021,009,408 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\libcef.dll
MOD - [2011/12/04 21:30:48 | 000,159,744 | ---- | M] () -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\moxplugins\wpdmanager.mox
MOD - [2011/12/04 21:30:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.6\moxplugins\AppManagerLR.mox
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/06/25 01:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/25 01:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/29 01:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/28 02:24:30 | 000,117,904 | ---- | M] () -- c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll1 -- (WcsPlugInService)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\regsvc.dllces\remoteaccess\parameters -- (RemoteRegistry)
SRV - File not found [Disabled | Stopped] -- C:\Windows\System32\mprdim.dllces\RemoteAccess\Parameters -- (RemoteAccess)
SRV - [2012/06/07 03:02:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/09 14:10:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 13:37:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/08 08:39:14 | 000,948,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011/07/27 21:41:08 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011/07/27 21:22:30 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/03 13:51:40 | 000,102,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/09/22 04:05:22 | 000,110,752 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/18 05:58:28 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/07/20 02:55:50 | 004,446,752 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/07/15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PcdrNdisuio)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV)
DRV - [2011/12/29 14:23:23 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 13:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/13 14:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011/10/13 14:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011/10/13 14:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011/09/09 12:00:56 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011/08/08 08:32:16 | 000,243,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011/08/08 08:32:16 | 000,243,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/10/07 07:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
DRV - [2010/08/18 13:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/26 03:15:50 | 000,221,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/15 16:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/15 15:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/07 21:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/05 20:21:46 | 009,833,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/02 13:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [1999/12/31 20:00:00 | 000,075,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwdpan.sys -- (BTWDPAN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 72 DA 6A 14 8D CC 01 [binary data]
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={44E7CD3B-2CEC-45CB-9CD1-1842BC620284}&mid=fbda8b7f780c42259ae87b5667fd7c30-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=us&ds=AVG&pr=pa&d=2011-12-07 03:38:06&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@lenovo.com/dueng,version=2.0: C:\Windows\system32\lenovo\update\npdueng.dll (Lenovo)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/09 13:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 03:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/01 03:26:43 | 000,000,000 | ---D | M]

[2011/09/09 11:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeizeTheMemories\AppData\Roaming\Mozilla\Extensions
[2012/06/05 21:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeizeTheMemories\AppData\Roaming\Mozilla\Firefox\Profiles\okbd67ha.default\extensions
[2012/05/19 14:17:33 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\SeizeTheMemories\AppData\Roaming\Mozilla\Firefox\Profiles\okbd67ha.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/05/06 18:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/09 13:15:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/07 03:02:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/19 17:14:25 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 22:59:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 22:59:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/01 10:39:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\SeizeTheMemories\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} http://consumersupport.lenovo.com/hk/en/SmartDownloading/cab/npdueng.cab (ElevatedCreater Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{057E337F-28E6-4511-AD97-C87E7452F547}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DC36248-0629-41F8-8715-680A7D2DA63F}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/11 06:54:12 | 000,047,082 | ---- | M] () - C:\AutoEyeuninstal.log -- [ NTFS ]
O32 - AutoRun File - [2012/04/26 07:04:15 | 000,000,000 | ---D | M] - C:\AutoFX DreamSuite Ultimate 1.36 32 bit (serial-FOSI) [ChingLiu] -- [ NTFS ]
O32 - AutoRun File - [2012/02/15 12:09:18 | 000,000,036 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\SeizeTheMemories\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PhotoJoy - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: vProt - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll\Services\rdsessmgr File not found
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WRkrn - Driver
SafeBootNet: WRSVC - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{8FCB5055-B154-47A5-8614-77ACA654B97D}
[2012/06/08 13:01:40 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C4EE3DAE-5B49-4D94-986F-B3C0002CC837}
[2012/06/08 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{13CAA70A-8E9E-4A01-963F-7ECDBB70C061}
[2012/06/08 00:48:06 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3844A07D-1AE0-4C60-A70B-4E631DF86C27}
[2012/06/06 16:24:24 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{02F86E8C-F034-42E8-90C8-51C3C4B26F5F}
[2012/06/06 16:23:16 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{E6A033DC-564A-438E-BC6F-EA4F2D61510D}
[2012/06/02 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\Desktop\Walgreens Photo Coupons
[2012/06/02 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C7408793-0A15-48FA-8FA3-07976793E270}
[2012/06/02 14:15:58 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{5ADA54A4-CE20-4DFA-9EE1-AC2FF8C49378}
[2012/06/01 04:12:08 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Auto FX Software
[2012/06/01 03:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/01 03:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/31 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{A26D8B6F-35E8-45C6-A771-CCE288681434}
[2012/05/31 23:05:49 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3198D189-7E34-4D5B-8872-AACB4C3E969D}
[2012/05/30 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{560CFFD7-3B45-4ADA-A36E-0A8176A1C309}
[2012/05/30 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{40F4FD13-BD3F-449F-A205-A9EC5F5B399D}
[2012/05/28 11:31:43 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2C046B8D-6938-4644-B1E4-DC66001330EC}
[2012/05/28 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{51FFFEB8-4A86-4E50-ACA6-9978DF3918AD}
[2012/05/28 02:43:56 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\Desktop\Pictures of Me Mama Kathi and Ethan 5-27-12
[2012/05/28 02:37:42 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{6343A432-E7F2-4065-9478-0AB735342AA7}
[2012/05/28 02:37:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C46F7F55-BB6E-49A7-BBB8-B268D7C1509E}
[2012/05/26 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Desktop Board
[2012/05/24 23:51:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3E725D63-3680-481C-9BA3-B157BA9C89A7}
[2012/05/24 23:51:20 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{230C60F5-4B4A-42F0-A1EC-9BDC7F5D7813}
[2012/05/23 21:10:25 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{506B8F36-BDC3-4218-916F-54F21F1B9588}
[2012/05/22 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F6F13FE9-5ED4-49CB-BED6-A0FC7E2EAD9B}
[2012/05/22 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{CCCDBC48-3776-476D-AF6B-D720C49BD299}
[2012/05/22 15:29:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{FC17C034-798C-4290-B4E9-56B36F11E63F}
[2012/05/22 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C2FB0F06-73FE-4748-BAF1-CDC49B3A26C7}
[2012/05/22 15:24:43 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F8CA8466-EE99-47A3-B9CF-17BD971F1A4A}
[2012/05/22 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{27BBB63B-93A7-4A79-B550-67605206D6DA}
[2012/05/22 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C155A875-C1E8-4B56-948E-997FBD8464D8}
[2012/05/22 14:17:26 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\Desktop\New folder
[2012/05/21 08:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012/05/21 08:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012/05/21 08:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012/05/20 17:12:55 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{60C13C44-89B4-40A0-B558-B33D6700D602}
[2012/05/20 17:12:44 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F66E04B2-350D-49DC-80A8-DD87B59D385B}
[2012/05/19 23:53:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin
[2012/05/19 23:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hugin
[2012/05/19 13:59:22 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{9C11958B-CA86-422B-8617-A75FC5D4D9AE}
[2012/05/19 13:59:02 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{43B07AB4-3E3A-4721-8B13-21CD5680264D}
[2012/05/18 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F1FE3035-A1E9-494E-A3FF-FBE89FCF8B31}
[2012/05/18 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{AD2C3232-D5B2-4F4A-85F5-B635957126B3}
[2012/05/18 08:40:28 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/05/17 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/15 06:38:56 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{675FE08C-9F07-4FBA-9DE8-8DFCED80DB0D}
[2012/05/15 06:38:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C5F91FC6-A50D-4AEF-865F-1E12ED111CDC}
[2012/05/14 22:49:47 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{9289F08B-9120-435C-9E33-D9C8CCF8AE97}
[2012/05/14 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{B389E016-299F-467F-A677-3DBA87EDAABD}
[2012/05/14 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2EF062A7-428E-4C1D-A922-5D7B36E8D2D4}
[2012/05/14 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{746569D9-02C3-4E3F-8F2E-C7EE71E265AA}
[2012/05/14 01:47:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{21FE0D61-5539-4D41-979D-273C61DBF64C}
[2012/05/14 01:47:15 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{94DD8F9C-A3C4-4BDC-971F-C4290463A34D}
[2012/05/13 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{433F4CE5-72D8-43E8-BD7E-910C38D61554}
[2012/05/13 13:48:01 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{6A88D5C6-1BA9-4B25-AC4A-FEDD9ECB110A}
[2012/05/12 20:25:31 | 000,000,000 | R--D | C] -- C:\Users\SeizeTheMemories\SkyDrive
[2012/05/12 20:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/05/12 17:53:54 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{FD59226C-3768-45F4-8AB4-CFD96C3A0F80}
[2012/05/12 17:53:42 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{37E97F5D-6A63-47B0-AC3D-8FFA5ECDD3A6}
[2012/05/12 12:37:11 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{BF2E5C64-8A2D-4FB6-AD4C-DBA13530C7B3}
[2012/05/12 12:36:57 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{1CF4593F-49D6-414D-A0BF-2F89E717CA1C}
[2012/05/12 08:12:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{79E9A468-1078-40FD-ACFB-09623B0E9982}
[2012/05/12 08:12:14 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{47BBD7FE-743B-4E60-87F6-D4D4C64EF876}
[2012/05/11 18:54:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{53D5CDF0-ACBF-4E4E-ACC8-F55E3F97FFE9}
[2012/05/11 18:54:16 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{CC18CA34-0D9B-4D35-9B05-0C633E33B92F}
[2012/05/11 17:50:12 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{8018244A-BE36-4E86-AD9E-617BCB417954}
[2012/05/11 17:50:01 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2AFFC383-3C53-4E8D-83B6-3ED95658A2B1}
[2012/05/11 12:38:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/11 12:38:47 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/11 12:38:46 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/11 12:38:44 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/11 12:38:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/11 12:38:43 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/11 12:38:43 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/11 12:38:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2012/06/08 20:44:03 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000UA.job
[2012/06/08 20:44:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000Core.job
[2012/06/08 15:52:57 | 000,139,084 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\three ladies recreated from O Brother How Art Thou.jpg
[2012/06/08 10:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/08 00:50:30 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 00:50:30 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 00:50:05 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/08 00:50:05 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/08 00:47:39 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/06/08 00:44:32 | 2414,579,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 03:26:32 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/01 02:04:09 | 000,606,305 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky11111111111.jpg
[2012/06/01 01:26:29 | 002,237,923 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\21-Smoke-Brush.zip
[2012/05/30 23:50:18 | 000,057,924 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\576320_3747492497617_1585458359_2883358_1341344057_n.jpg
[2012/05/30 23:49:24 | 000,011,918 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\My Little Boy Yesterday.jpg
[2012/05/30 19:17:02 | 002,696,714 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Colorful hair and water.psb
[2012/05/26 21:09:23 | 000,065,536 | ---- | M] () -- C:\Windows\IFinst27.exe
[2012/05/26 20:25:08 | 000,001,328 | ---- | M] () -- C:\Users\SeizeTheMemories\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/05/26 20:25:08 | 000,001,304 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/05/23 21:03:16 | 070,854,959 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Purple Clouds With C and C. 7759.psd
[2012/05/23 21:01:29 | 001,320,891 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Christian Dipping Caitlyn.JPG
[2012/05/23 20:41:31 | 000,206,642 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet2.pdf
[2012/05/22 20:51:11 | 000,175,307 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet1.pdf
[2012/05/19 23:53:36 | 000,001,085 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Hugin.lnk
[2012/05/18 22:35:20 | 000,104,229 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\cloud-1600-7.jpg
[2012/05/17 20:44:52 | 000,001,352 | ---- | M] () -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/05/16 23:32:22 | 000,869,475 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky.jpg
[2012/05/15 06:30:32 | 012,219,705 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7868.psd
[2012/05/15 06:29:00 | 000,086,745 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\clouds-in-blue-sky3.jpg
[2012/05/15 06:28:42 | 075,995,755 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7002.psd
[2012/05/14 19:28:57 | 000,033,684 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\behind my ear dreamcatcher.jpg
[2012/05/13 18:52:49 | 000,033,699 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\523063_298296296906755_285837751485943_657287_1423243914_n.jpg
[2012/05/12 19:22:20 | 000,027,568 | ---- | M] () -- C:\Users\SeizeTheMemories\Desktop\6014_1180300110806_1327282452_30504109_4342835_n.jpg
[2012/05/12 12:21:55 | 003,984,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 02:10:17 | 000,011,264 | -H-- | M] () -- C:\Users\SeizeTheMemories\Desktop\photothumb.db
[2012/05/10 14:49:08 | 000,292,072 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2012/06/08 15:52:53 | 000,139,084 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\three ladies recreated from O Brother How Art Thou.jpg
[2012/06/01 03:26:32 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/01 02:04:00 | 000,606,305 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky11111111111.jpg
[2012/06/01 01:46:13 | 002,237,923 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\21-Smoke-Brush.zip
[2012/05/30 23:50:17 | 000,057,924 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\576320_3747492497617_1585458359_2883358_1341344057_n.jpg
[2012/05/30 23:49:20 | 000,011,918 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\My Little Boy Yesterday.jpg
[2012/05/30 19:17:01 | 002,696,714 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Colorful hair and water.psb
[2012/05/26 20:25:08 | 000,001,304 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/05/23 21:03:15 | 070,854,959 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Purple Clouds With C and C. 7759.psd
[2012/05/23 21:01:28 | 001,320,891 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Christian Dipping Caitlyn.JPG
[2012/05/23 20:41:31 | 000,206,642 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet2.pdf
[2012/05/22 20:51:11 | 000,175,307 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\tipscheatsheet1.pdf
[2012/05/19 23:53:36 | 000,001,085 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Hugin.lnk
[2012/05/16 23:06:22 | 000,104,229 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\cloud-1600-7.jpg
[2012/05/15 14:19:33 | 000,869,475 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\Christian with blue sky.jpg
[2012/05/15 06:30:27 | 012,219,705 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7868.psd
[2012/05/15 06:28:37 | 075,995,755 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\IMG_7002.psd
[2012/05/14 20:15:58 | 000,086,745 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\clouds-in-blue-sky3.jpg
[2012/05/14 19:28:54 | 000,033,684 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\behind my ear dreamcatcher.jpg
[2012/05/13 18:52:48 | 000,033,699 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\523063_298296296906755_285837751485943_657287_1423243914_n.jpg
[2012/05/12 20:25:31 | 000,002,214 | ---- | C] () -- C:\Users\SeizeTheMemories\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/05/12 19:22:19 | 000,027,568 | ---- | C] () -- C:\Users\SeizeTheMemories\Desktop\6014_1180300110806_1327282452_30504109_4342835_n.jpg
[2012/04/30 07:33:13 | 000,004,608 | ---- | C] () -- C:\Users\SeizeTheMemories\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/30 07:32:07 | 000,000,088 | RHS- | C] () -- C:\ProgramData\64C0A37F4F.sys
[2012/04/30 07:32:06 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/03/20 08:28:07 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/03/11 07:40:29 | 000,890,953 | ---- | C] () -- C:\Windows\Spr.ini
[2012/01/30 21:19:37 | 000,301,564 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/12/27 14:47:49 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/27 14:33:33 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/12/21 05:44:03 | 017,955,274 | ---- | C] () -- C:\Program Files\Oh So Posh Freebies.zip
[2011/12/13 21:51:20 | 000,292,072 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/09 13:38:23 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/09/09 02:58:03 | 001,731,104 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011/09/09 02:58:03 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011/09/09 02:58:03 | 001,514,016 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011/09/09 02:58:03 | 001,108,512 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011/09/09 02:58:03 | 000,473,632 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011/09/09 02:58:03 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011/09/09 02:58:03 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== LOP Check ==========

[2011/11/28 12:43:40 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Alien Skin
[2011/09/10 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Anthropics
[2012/06/01 04:12:08 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Auto FX Software
[2011/09/09 03:55:01 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\AVG10
[2011/09/11 03:59:32 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Canon
[2012/04/27 19:33:29 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/30 23:02:26 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\CheckPoint
[2011/12/22 20:19:59 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/10/15 00:48:14 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/29 09:33:24 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Digital Support
[2011/09/09 11:02:58 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\GlarySoft
[2011/10/30 13:03:58 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\HDRsoft
[2011/11/26 03:11:16 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Imagenomic
[2012/02/08 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\IObit
[2012/02/08 23:18:52 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Media Get LLC
[2011/11/26 23:17:42 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\NeatImage SL
[2011/12/15 15:33:50 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Nolo
[2011/09/09 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PCDr
[2011/12/20 05:55:11 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PDAppFlex
[2012/05/11 02:20:59 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PhotoScape
[2011/09/09 03:55:12 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\PwrMgr
[2012/01/30 21:21:21 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\QuickScan
[2011/09/11 02:30:56 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/27 18:55:52 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\SumatraPDF
[2012/02/16 20:39:14 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\theimagingfactory
[2012/02/08 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Totally Rad Dirty Pictures
[2012/04/30 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Ulead Systems
[2011/09/09 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Update
[2011/12/06 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\SeizeTheMemories\AppData\Roaming\Windows Live Writer
[2012/06/08 20:44:02 | 000,000,950 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000Core.job
[2012/06/08 20:44:03 | 000,000,972 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000UA.job
[2012/06/08 00:47:39 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/03/31 19:32:50 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
eldoncooper

Posted: Sat Jun 09, 2012 10:06 am

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/03/11 06:54:12 | 000,047,082 | ---- | M] () -- C:\AutoEyeuninstal.log
[2012/02/08 22:02:58 | 000,013,098 | ---- | M] () -- C:\bdlog.txt
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/09/09 02:36:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/07/26 12:46:03 | 000,002,880 | ---- | M] () -- C:\dleacomx.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2006/07/28 10:32:44 | 000,007,005 | ---- | M] () -- C:\Eula.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/08 00:44:32 | 2414,579,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 10:55:45 | 000,000,171 | ---- | M] () -- C:\install.dat
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/08/09 12:48:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/07 16:39:20 | 000,150,392 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2011/08/09 12:48:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/08 00:45:01 | 3219,439,616 | -HS- | M] () -- C:\pagefile.sys
[2012/06/03 00:16:10 | 000,000,013 | ---- | M] () -- C:\PI_Error.log
[2011/12/07 07:51:16 | 000,375,239 | RHS- | M] () -- C:\PJXDT
[2011/08/02 17:08:11 | 000,014,368 | ---- | M] () -- C:\Portfolio of John Grable.pfl
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110909T064758635507\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110909T064758635507\pci\cc_010601\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110909T064758635507\pci\ven_8086&dev_2850\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111127T134131447371\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111127T134131447371\pci\ven_8086&dev_2850\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111222T002219568462\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111222T002219568462\pci\ven_8086&dev_2850\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111227T233036018083\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111227T233036018083\pci\ven_8086&dev_2850\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120211T210725006272\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120211T210725006272\pci\ven_8086&dev_2850\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\DRIVERS\WIN\IRSTC\Drivers\x64\iaStor.sys
[2010/11/06 02:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\DRIVERS\WIN\IRSTC\Drivers\x32\iaStor.sys
[2010/11/06 02:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111127T134131447371\pci\ven_8086&dev_2829&cc_0106\iaStor.sys
[2010/11/06 02:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111222T002219568462\pci\ven_8086&dev_2829&cc_0106\iaStor.sys
[2010/11/06 02:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111227T233036018083\pci\ven_8086&dev_2829&cc_0106\iaStor.sys
[2010/11/06 02:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Users\SeizeTheMemories\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120211T210725006272\pci\ven_8086&dev_2829&cc_0106\iaStor.sys
[2010/11/06 02:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys
[2010/11/06 02:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 01:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
[2010/11/20 08:30:06 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=AF2EEC9580C1D32FB7EAF105D9784061 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvraid.sys
[2011/03/11 01:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=B3E25EE28883877076E0E1FF877D02E0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvraid.sys
[2011/03/11 01:28:10 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=E3B840350A72CA6F39BD2BEF85A2BCFB -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvraid.sys
[2011/03/11 01:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\drivers\nvraid.sys
[2011/03/11 01:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvraid.sys
[2011/03/11 01:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=F1B0BED906F97E16F6D0C3629D2F21C6 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvraid.sys
[2011/03/11 01:52:25 | 000,117,120 | ---- | M] (NVIDIA Corporation) MD5=FCD5C3542A85EEBA7D0833B7E5086C10 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 01:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< %windir%\system32\tasks\*.* >
[2011/11/27 11:37:13 | 000,003,522 | ---- | M] () -- C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-SEIZETHEMEMOR-SeizeTheMemories
[2012/03/07 21:39:32 | 000,003,602 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000Core
[2012/03/07 21:39:33 | 000,003,970 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000UA
[2012/04/26 10:26:52 | 000,002,634 | ---- | M] () -- C:\Windows\system32\tasks\GlaryInitialize
[2011/12/22 14:30:07 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\SidebarExecute
[2011/09/09 11:04:35 | 000,003,172 | ---- | M] () -- C:\Windows\system32\tasks\SmartDefrag_Startup
[2012/03/11 06:46:12 | 000,003,014 | ---- | M] () -- C:\Windows\system32\tasks\{02A4BDC7-3868-448E-A80A-769250C1B17C}
[2012/03/11 07:11:21 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\{1A5BCBAF-A8B6-4FA4-B407-F1C59C636C8B}
[2011/12/27 23:11:23 | 000,003,202 | ---- | M] () -- C:\Windows\system32\tasks\{259FD33D-76F6-4F79-9E64-5BAB714A9201}
[2012/05/26 20:57:18 | 000,003,396 | ---- | M] () -- C:\Windows\system32\tasks\{26A4AE09-E161-4A3F-AE6D-FD99C9394B0A}
[2012/03/11 08:14:55 | 000,003,046 | ---- | M] () -- C:\Windows\system32\tasks\{27C6FC73-210B-41BA-8E84-164C7F5DA058}
[2012/01/30 21:44:21 | 000,003,278 | ---- | M] () -- C:\Windows\system32\tasks\{2C0F79CF-E2AA-4EAE-8393-4F4995FAAC70}
[2012/03/11 06:32:59 | 000,003,246 | ---- | M] () -- C:\Windows\system32\tasks\{31A4CF9B-E22F-44EB-90E6-DF1B1A6B311B}
[2012/03/11 07:56:52 | 000,003,260 | ---- | M] () -- C:\Windows\system32\tasks\{59AA26E9-0754-40A5-A5F8-C67923424FB0}
[2012/03/11 08:18:12 | 000,003,062 | ---- | M] () -- C:\Windows\system32\tasks\{70D79877-ABD2-48CA-8CE7-A29CA24033A9}
[2012/03/11 07:51:42 | 000,003,306 | ---- | M] () -- C:\Windows\system32\tasks\{7B89C13D-F702-4DBF-BE7D-DBD41B3994CF}
[2011/11/27 13:07:51 | 000,003,070 | ---- | M] () -- C:\Windows\system32\tasks\{9036F6B5-F6F3-4594-AA32-3C3BA5D1BC66}
[2011/12/27 23:53:56 | 000,003,288 | ---- | M] () -- C:\Windows\system32\tasks\{91A97667-3548-4EDF-864E-27E3B0FE6BC9}
[2012/03/11 08:01:31 | 000,003,242 | ---- | M] () -- C:\Windows\system32\tasks\{97319B94-8119-4984-93D4-E2E7E43A60A5}
[2011/09/09 12:26:27 | 000,003,272 | ---- | M] () -- C:\Windows\system32\tasks\{9847CE2F-B70B-4B3C-AAFF-3B1BAC4A73CE}
[2012/03/11 07:59:36 | 000,003,278 | ---- | M] () -- C:\Windows\system32\tasks\{9D2A0AA5-8664-45D2-92DB-CEC1DB33CC84}
[2012/03/11 08:14:42 | 000,003,046 | ---- | M] () -- C:\Windows\system32\tasks\{9D90D628-4D30-43FE-8EFF-97229AC6A9DE}
[2012/04/30 08:04:24 | 000,003,640 | ---- | M] () -- C:\Windows\system32\tasks\{A8A2341F-DF04-4B07-A068-ED008296A263}
[2012/03/11 06:41:49 | 000,003,416 | ---- | M] () -- C:\Windows\system32\tasks\{B81FFF62-A345-4B4C-8E01-E260442A5D25}
[2012/03/11 06:28:07 | 000,003,266 | ---- | M] () -- C:\Windows\system32\tasks\{C58E0B5A-1AF2-4466-9BB2-089C1A1B37DA}
[2011/12/27 23:17:43 | 000,003,208 | ---- | M] () -- C:\Windows\system32\tasks\{C752BC60-EACD-426B-96DD-98BC41247DB4}
[2012/05/26 21:14:47 | 000,003,000 | ---- | M] () -- C:\Windows\system32\tasks\{C8348514-1E6B-40F9-8889-771F84903B97}
[2011/09/09 12:50:28 | 000,003,128 | ---- | M] () -- C:\Windows\system32\tasks\{D83A7EFE-BC04-45EB-977F-3340DD2D0AA6}
[2012/05/26 21:16:42 | 000,003,000 | ---- | M] () -- C:\Windows\system32\tasks\{E07FA91B-B3B0-4E77-9EA7-504505170028}
[2011/09/09 01:56:02 | 000,003,100 | ---- | M] () -- C:\Windows\system32\tasks\{E43ADF82-A493-4C88-9784-0EA8B7616C78}
[2012/02/08 18:34:34 | 000,003,322 | ---- | M] () -- C:\Windows\system32\tasks\{E98D466C-4430-4777-872B-2CF6638306F3}
[2012/03/11 08:03:33 | 000,003,278 | ---- | M] () -- C:\Windows\system32\tasks\{EBE47535-C217-4B9B-A84A-93B82C22E05F}
[2012/03/11 06:18:40 | 000,003,552 | ---- | M] () -- C:\Windows\system32\tasks\{EBFE8869-3212-4AEF-9736-6E8D34FE95B0}
[2011/09/09 16:45:22 | 000,003,144 | ---- | M] () -- C:\Windows\system32\tasks\{F0D2BA18-C9DC-4C81-8389-C73A36101F4B}
[2012/03/11 09:06:19 | 000,003,052 | ---- | M] () -- C:\Windows\system32\tasks\{F1F12FAB-11A7-43FB-B8CA-D1B6C93BC326}

< %windir%\system32\tasks\*.* /64 >
[2011/11/27 11:37:13 | 000,003,522 | ---- | M] () -- C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-SEIZETHEMEMOR-SeizeTheMemories
[2012/03/07 21:39:32 | 000,003,602 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000Core
[2012/03/07 21:39:33 | 000,003,970 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-709897677-3684748101-1059447926-1000UA
[2012/04/26 10:26:52 | 000,002,634 | ---- | M] () -- C:\Windows\system32\tasks\GlaryInitialize
[2011/12/22 14:30:07 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\SidebarExecute
[2011/09/09 11:04:35 | 000,003,172 | ---- | M] () -- C:\Windows\system32\tasks\SmartDefrag_Startup
[2012/03/11 06:46:12 | 000,003,014 | ---- | M] () -- C:\Windows\system32\tasks\{02A4BDC7-3868-448E-A80A-769250C1B17C}
[2012/03/11 07:11:21 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\{1A5BCBAF-A8B6-4FA4-B407-F1C59C636C8B}
[2011/12/27 23:11:23 | 000,003,202 | ---- | M] () -- C:\Windows\system32\tasks\{259FD33D-76F6-4F79-9E64-5BAB714A9201}
[2012/05/26 20:57:18 | 000,003,396 | ---- | M] () -- C:\Windows\system32\tasks\{26A4AE09-E161-4A3F-AE6D-FD99C9394B0A}
[2012/03/11 08:14:55 | 000,003,046 | ---- | M] () -- C:\Windows\system32\tasks\{27C6FC73-210B-41BA-8E84-164C7F5DA058}
[2012/01/30 21:44:21 | 000,003,278 | ---- | M] () -- C:\Windows\system32\tasks\{2C0F79CF-E2AA-4EAE-8393-4F4995FAAC70}
[2012/03/11 06:32:59 | 000,003,246 | ---- | M] () -- C:\Windows\system32\tasks\{31A4CF9B-E22F-44EB-90E6-DF1B1A6B311B}
[2012/03/11 07:56:52 | 000,003,260 | ---- | M] () -- C:\Windows\system32\tasks\{59AA26E9-0754-40A5-A5F8-C67923424FB0}
[2012/03/11 08:18:12 | 000,003,062 | ---- | M] () -- C:\Windows\system32\tasks\{70D79877-ABD2-48CA-8CE7-A29CA24033A9}
[2012/03/11 07:51:42 | 000,003,306 | ---- | M] () -- C:\Windows\system32\tasks\{7B89C13D-F702-4DBF-BE7D-DBD41B3994CF}
[2011/11/27 13:07:51 | 000,003,070 | ---- | M] () -- C:\Windows\system32\tasks\{9036F6B5-F6F3-4594-AA32-3C3BA5D1BC66}
[2011/12/27 23:53:56 | 000,003,288 | ---- | M] () -- C:\Windows\system32\tasks\{91A97667-3548-4EDF-864E-27E3B0FE6BC9}
[2012/03/11 08:01:31 | 000,003,242 | ---- | M] () -- C:\Windows\system32\tasks\{97319B94-8119-4984-93D4-E2E7E43A60A5}
[2011/09/09 12:26:27 | 000,003,272 | ---- | M] () -- C:\Windows\system32\tasks\{9847CE2F-B70B-4B3C-AAFF-3B1BAC4A73CE}
[2012/03/11 07:59:36 | 000,003,278 | ---- | M] () -- C:\Windows\system32\tasks\{9D2A0AA5-8664-45D2-92DB-CEC1DB33CC84}
[2012/03/11 08:14:42 | 000,003,046 | ---- | M] () -- C:\Windows\system32\tasks\{9D90D628-4D30-43FE-8EFF-97229AC6A9DE}
[2012/04/30 08:04:24 | 000,003,640 | ---- | M] () -- C:\Windows\system32\tasks\{A8A2341F-DF04-4B07-A068-ED008296A263}
[2012/03/11 06:41:49 | 000,003,416 | ---- | M] () -- C:\Windows\system32\tasks\{B81FFF62-A345-4B4C-8E01-E260442A5D25}
[2012/03/11 06:28:07 | 000,003,266 | ---- | M] () -- C:\Windows\system32\tasks\{C58E0B5A-1AF2-4466-9BB2-089C1A1B37DA}
[2011/12/27 23:17:43 | 000,003,208 | ---- | M] () -- C:\Windows\system32\tasks\{C752BC60-EACD-426B-96DD-98BC41247DB4}
[2012/05/26 21:14:47 | 000,003,000 | ---- | M] () -- C:\Windows\system32\tasks\{C8348514-1E6B-40F9-8889-771F84903B97}
[2011/09/09 12:50:28 | 000,003,128 | ---- | M] () -- C:\Windows\system32\tasks\{D83A7EFE-BC04-45EB-977F-3340DD2D0AA6}
[2012/05/26 21:16:42 | 000,003,000 | ---- | M] () -- C:\Windows\system32\tasks\{E07FA91B-B3B0-4E77-9EA7-504505170028}
[2011/09/09 01:56:02 | 000,003,100 | ---- | M] () -- C:\Windows\system32\tasks\{E43ADF82-A493-4C88-9784-0EA8B7616C78}
[2012/02/08 18:34:34 | 000,003,322 | ---- | M] () -- C:\Windows\system32\tasks\{E98D466C-4430-4777-872B-2CF6638306F3}
[2012/03/11 08:03:33 | 000,003,278 | ---- | M] () -- C:\Windows\system32\tasks\{EBE47535-C217-4B9B-A84A-93B82C22E05F}
[2012/03/11 06:18:40 | 000,003,552 | ---- | M] () -- C:\Windows\system32\tasks\{EBFE8869-3212-4AEF-9736-6E8D34FE95B0}
[2011/09/09 16:45:22 | 000,003,144 | ---- | M] () -- C:\Windows\system32\tasks\{F0D2BA18-C9DC-4C81-8389-C73A36101F4B}
[2012/03/11 09:06:19 | 000,003,052 | ---- | M] () -- C:\Windows\system32\tasks\{F1F12FAB-11A7-43FB-B8CA-D1B6C93BC326}

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/17 03:20:17 | 000,056,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\partmgr.sys
[2012/03/30 06:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys

< %PROGRAMFILES%\*. >
[2012/03/11 12:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/03/09 08:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Dreamweaver
[2011/09/09 10:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/11/27 00:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\Alien Skin
[2011/10/22 09:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2012/02/08 23:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/11/27 09:43:22 | 000,000,000 | ---D | M] -- C:\Program Files\AuthenTec
[2012/04/26 07:08:47 | 000,000,000 | ---D | M] -- C:\Program Files\Auto FX Software
[2012/02/09 13:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/09/09 03:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/10/23 22:41:12 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2012/02/08 23:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/09/09 03:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2012/01/29 08:51:04 | 000,000,000 | ---D | M] -- C:\Program Files\CAM Development
[2012/03/09 06:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2012/03/07 15:02:31 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2012/01/31 13:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2011/12/27 23:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/03/11 06:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\ColorWasher
[2012/04/30 08:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/04/30 08:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2012/02/08 23:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2012/04/15 20:28:51 | 000,000,000 | ---D | M] -- C:\Program Files\Duplicate Cleaner
[2009/07/14 03:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/05/06 18:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2012/05/19 23:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\Hugin
[2012/02/08 23:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\HyperTyle
[2011/11/26 00:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\Imagenomic
[2012/03/11 07:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Imagenomic Portraiture
[2012/04/30 08:11:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/12/27 23:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/05/26 20:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Intel Desktop Board
[2012/04/12 03:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/09/09 11:04:04 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2012/03/31 15:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/03/31 15:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2012/04/30 07:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2011/10/19 19:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/02/27 15:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo
[2011/10/22 10:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/09/09 13:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2009/07/14 03:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2012/04/26 06:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/12 12:20:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/01/29 12:07:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/21 10:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/09/09 13:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2011/09/09 13:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/06/07 03:02:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/06/08 00:44:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/09/25 03:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/11/27 01:13:44 | 000,000,000 | R--D | M] -- C:\Program Files\Mystical
[2012/03/11 07:25:20 | 000,000,000 | ---D | M] -- C:\Program Files\Neat Image
[2011/11/26 23:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\Nik Software
[2011/09/09 02:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2012/02/08 23:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2012/02/13 08:47:14 | 000,000,000 | ---D | M] -- C:\Program Files\Paragon Software
[2012/02/08 23:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor
[2012/04/27 18:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\PDFReader
[2012/02/27 19:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\PhotomatixPro4
[2012/02/27 19:15:23 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2012/02/08 23:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\Portrait Professional Max 6
[2011/10/22 09:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite
[2011/11/27 02:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\PSD2FLA
[2012/01/11 07:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Quick PDF FileBulldog Toolbar
[2011/12/20 18:41:42 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken WillMaker Plus 2011
[2012/06/01 03:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2012/01/11 20:25:32 | 000,000,000 | ---D | M] -- C:\Program Files\RADlab
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/02/08 23:18:57 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/10/28 11:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\SlimComputer
[2011/09/18 06:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\SlimDrivers
[2012/04/01 23:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Photo Editor Trial
[2012/02/08 23:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\SpeakToMe
[2011/10/22 10:09:23 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2011/11/27 01:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\SuperBladePro
[2011/09/09 01:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2012/02/21 10:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\SyncToy 2.1
[2012/01/29 09:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2011/09/09 11:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/05/18 08:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2012/01/30 21:51:06 | 000,000,000 | ---D | M] -- C:\Program Files\WEBROOT
[2011/09/16 10:51:52 | 000,000,000 | ---D | M] -- C:\Program Files\WinBubble
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/12 12:16:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/02/27 19:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/12/07 07:26:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Loader
[2012/02/08 23:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/02/08 23:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/09/24 20:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012/02/08 23:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/02/08 23:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-06 07:02:49

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >

========== Files - Unicode (All) ==========
[2012/02/08 22:03:54 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2012/02/08 22:03:00 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
eldoncooper
Posted: Sat Jun 09, 2012 10:07 am

OTL Extras logfile created on: 6/8/2012 9:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\SeizeTheMemories\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 29.62% Memory free
5.99 Gb Paging File | 2.54 Gb Available in Paging File | 42.34% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 112.84 Gb Free Space | 37.86% Space Free | Partition Type: NTFS
Drive D: | 160.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 732.42 Gb Total Space | 58.60 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive Y: | 732.42 Gb Total Space | 58.60 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 197.47 Gb Free Space | 42.41% Space Free | Partition Type: NTFS

Computer Name: SEIZETHEMEMOR | User Name: SeizeTheMemories | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104818B9-2617-4E70-9632-FE7579A42EA3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{135DF4D1-0D63-4632-A042-49BF8F2F9656}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B27E096-CF01-41DB-8115-384F6EBE03C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DF9037D-E6A2-4B0A-B718-5CA9ACA17446}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30E66D06-3A51-4210-AFA8-6EE05EF04EDF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{355B677A-EB35-450A-A84D-90C9B13A09AD}" = lport=139 | protocol=6 | dir=in | app=system |
"{38DB8DE7-33A9-429A-83CD-52043DA964E7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3C824A77-DA45-48D8-B501-454F99073F3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{469A1473-3294-4629-9BFD-8130D7D4D11C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F6318E2-5483-462C-BB3E-C98A6DAA7FD4}" = lport=445 | protocol=6 | dir=in | app=system |
"{752D10DC-BBEE-4A0A-ABA7-0FDE70A3B343}" = lport=138 | protocol=17 | dir=in | app=system |
"{768C1B5F-B6B5-4D52-A377-E2779201D520}" = rport=445 | protocol=6 | dir=out | app=system |
"{78E43972-1045-4BBC-8181-BB3A61E18C4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F56A916-2D21-4F1C-9EB4-62307E1C3661}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E94833E-7610-446F-AC05-36DEE5544D9A}" = rport=137 | protocol=17 | dir=out | app=system |
"{98AFA58C-8FBB-4D28-9E8F-FF5F417823F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1DE68E7-985B-468D-A91D-DAD9E3429988}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A266A348-FD9D-4469-A9F8-6E2CB98CA41B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A43F1189-0889-44B6-817A-9F45C9BF4A9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB922226-61DB-4D6A-9A97-B600BC7EEE44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0A07099-461B-4B7E-956D-5A6680123B00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8A9E867-910C-403A-868C-E5119B0F81B0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D3EAF86A-D24F-4F7A-86B8-D92D584D9FB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1F64727-592D-437E-A159-0BC9CE6CB5F1}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDB567C0-5F9B-4B2E-97A4-A7F26CFD6F87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF0FA581-A3D0-49B5-B68A-217CD8BACF60}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D83C2F7-1923-4B75-9DDD-711E8FD16DD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{120B2DA9-D6A5-4494-A77E-1D48339425F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{17D2A924-849A-43CA-9B2E-38DCE566A008}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{25D792FA-207E-4600-AF63-5A15E7E2C9A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{29E073BC-73BD-4668-A22A-C80A84273FFD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2B46F904-846C-441C-9D43-2D3B4968FEFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{347C1005-C227-4EE2-BBE2-82FC7B9D979D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34C71CBD-B165-4132-B047-75CE2D67AE42}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{39600D78-D54C-4BBF-ADF2-E90302C46B7F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44ECDA0C-AF66-41B6-BAA6-FFC279B2999A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5D199E6D-160F-4D76-88C0-C7C5AA949CA9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FC11306-816F-4E7A-8DBE-EE3D5BB4B93C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{62B34016-C05E-4E7B-8D29-CE15D98DD3F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{780CACCD-C04F-4235-B519-03C8E5BF7ADD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{7B9A22C7-3B92-4AD2-AD43-269D03F85399}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A383D18-F562-444B-ABF0-928D3AB8C4F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8EAD7E02-7987-445A-8049-94D4CAB34285}" = protocol=6 | dir=out | app=system |
"{91FD82E0-B1E3-4E4B-BB22-B72D5D7D0B98}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{995C70C2-F804-4868-A62A-F23C1311E5EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1E8A667-2A57-4B12-957C-C0DD01915CE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6036F8F-B5FA-4B70-A1B1-F549B475EF1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6FD8BFD-967D-4022-A709-5B974F24AF7B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C28CF7E1-7474-4BC5-AE14-82C703671D7B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CC98184A-53DA-48EE-B352-4B58A4162C94}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D3597E82-7419-4BD4-A628-AF43A9201CA4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{DE70FC35-A3C6-47FB-B2FB-2B50C8F5F389}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E487202A-1443-46CC-89E2-66858B7AC850}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E606C129-D86F-4FD1-A044-16FD34DB1317}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E9024144-9126-472F-A6C9-0F05AC5ED829}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9FECF19-40A5-4916-AE72-E6CB18484970}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA6CB6F5-A3E1-4E6E-BAC9-C89BC6010CC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{EB3282AC-EA4A-4DA7-AB32-50C2CBC17B94}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F5ECC09C-8852-45E6-AA82-4C98B5503EF1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F63A172D-8050-4E13-AB8E-C7EF1BB40A3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F66480D1-A1C7-4425-91AB-FBEB1E47B5F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F90C6E9A-A1B6-4847-8B99-D90B99E3EABA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21927AF8-8738-455F-AB98-7FF8FBFC6282}" = Intel(R) Network Connections 15.8.76.0
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{67CDD5A0-C572-4D2C-A354-6492B51F4138}" = SlimDrivers
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90F4251E-088E-46B4-8FC2-7C9644A19811}" = AuthenTec Fingerprint Driver
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DBCA76-97E2-11D5-B0DE-0050FC02154F}" = buZZ.Pro 2.0
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4FD51B2-AB88-11D5-B0DE-0050FC02154F}" = buZZ.Simplifier 1.0
"{B4FD51C4-AB88-11D5-B0DE-0050FC02154F}" = buZZ.PiX 1.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA0E1488-208B-48D7-93A4-2C3B168F1FF2}" = LuraWave.jp2 Photoshop Plug-In
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F29962BA-432D-483F-A008-F5552BE9647B}" = DreamSuite Ultimate
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"AlphaStrip 1.0_is1" = AlphaStrip 1.0
"AutoEye" = AutoEye
"avast" = avast! Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Canon MX340 series User Registration" = Canon MX340 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorWasher" = ColorWasher
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DPP" = Canon Utilities Digital Photo Professional 3.5
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Eye Candy 6" = Alien Skin Eye Candy 6
"Glary Utilities_is1" = Glary Utilities 2.44.0.1450
"Hugin" = Hugin 2011.2.0
"HyperTyle 1.02" = HyperTyle 1.02
"Imagenomic Portraiture" = Imagenomic Portraiture 2.3
"ImagenomicPortraitureLightroomPlugin" = Imagenomic Portraiture 2.2.1 Lightroom Plug-in (build 2210)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"ImagenomicRealGrainPlugin" = Imagenomic RealGrain 1.1 Plug-in (build 1103)
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"InstallShield_{EA0E1488-208B-48D7-93A4-2C3B168F1FF2}" = LuraWave.jp2 Photoshop Plug-In
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Mystical" = Uninstall Mystical
"Neat Image_is1" = Neat Image v6.0 Pro+
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PAN Fire 3.1_is1" = PAN Fire 3.1
"Panopticum Digitalizer 1.1_is1" = Panopticum Digitalizer 1.1
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"PhotoScape" = PhotoScape
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PlaidMaker Plus v1.1" = PlaidMaker Plus v1.1
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 15.8.76.0
"Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011
"Revo Uninstaller" = Revo Uninstaller 1.94
"Smart Defrag 2_is1" = Smart Defrag 2
"SmartPhotoEditor1Trial_is1" = Smart Photo Editor Trial
"SpeakToMe" = SpeakToMe
"Speed Dial Utility" = Canon Speed Dial Utility
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"The JPEG Wizard for PhotoShop" = The JPEG Wizard for PhotoShop
"Totally Rad Dirty Pictures" = Totally Rad Dirty Pictures 1.5.1
"Viveza 2" = Viveza 2
"Vizros Plug-ins 4.1" = Vizros Plug-ins 4.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-709897677-3684748101-1059447926-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MediaGet" = MediaGet
"PDF Reader" = PDF Reader
"SkyDriveSetup.exe" = Microsoft SkyDrive
"WinBubble" = WinBubble

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2012 1:24:32 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

Error - 6/8/2012 1:24:33 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/8/2012 1:24:33 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2121

Error - 6/8/2012 1:24:33 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2121

Error - 6/8/2012 1:24:34 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/8/2012 1:24:34 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3135

Error - 6/8/2012 1:24:34 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3135

Error - 6/8/2012 1:24:35 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/8/2012 1:24:35 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4165

Error - 6/8/2012 1:24:35 AM | Computer Name = SeizeTheMemor | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4165

[ System Events ]
Error - 6/6/2012 4:22:25 PM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Base Filtering Engine
service which failed to start because of the following error: %%5

Error - 6/6/2012 4:22:27 PM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The IKE and AuthIP IPsec Keying Modules service depends on the Base
Filtering Engine service which failed to start because of the following error:
%%5

Error - 6/6/2012 4:22:28 PM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The IPsec Policy Agent service depends on the Base Filtering Engine
service which failed to start because of the following error: %%5

Error - 6/6/2012 4:22:29 PM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The Internet Connection Sharing (ICS) service depends on the Base
Filtering Engine service which failed to start because of the following error: %%5

Error - 6/8/2012 12:45:26 AM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7023
Description = The Base Filtering Engine service terminated with the following error:
%%5

Error - 6/8/2012 12:45:26 AM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Base Filtering Engine
service which failed to start because of the following error: %%5

Error - 6/8/2012 12:45:27 AM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The IKE and AuthIP IPsec Keying Modules service depends on the Base
Filtering Engine service which failed to start because of the following error:
%%5

Error - 6/8/2012 12:45:28 AM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The IPsec Policy Agent service depends on the Base Filtering Engine
service which failed to start because of the following error: %%5

Error - 6/8/2012 12:45:28 AM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7001
Description = The Internet Connection Sharing (ICS) service depends on the Base
Filtering Engine service which failed to start because of the following error: %%5

Error - 6/8/2012 12:49:14 AM | Computer Name = SeizeTheMemor | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Sat Jun 09, 2012 12:24 pm

The TDSSKiller log is incomplete. Please post me the last 20 or 30 lines of the log.

QUESTION..... In your first post you say you're using Avast as your Anti-Virus, but your logs show you have AVG installed. Which is it that you're using?
_________________
Gary R Administrator at Malware Removal University

eldoncooper
Junior Member


Joined: 27 Dec 2011
Last Visit: 24 Oct 2012
Posts: 23

PostPosted: Sat Jun 09, 2012 1:03 pm    Post subject: Reply with quote

I uninstalled AVG months ago. I'm currently using Avast.

16:56:43.0021 4484 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:56:43.0533 4484 ============================================================
16:56:43.0533 4484 Current date / time: 2012/06/09 16:56:43.0533
16:56:43.0533 4484 SystemInfo:
16:56:43.0533 4484
16:56:43.0533 4484 OS Version: 6.1.7600 ServicePack: 0.0
16:56:43.0533 4484 Product type: Workstation
16:56:43.0533 4484 ComputerName: SEIZETHEMEMOR
16:56:43.0533 4484 UserName: SeizeTheMemories
16:56:43.0533 4484 Windows directory: C:\Windows
16:56:43.0533 4484 System windows directory: C:\Windows
16:56:43.0533 4484 Processor architecture: Intel x86
16:56:43.0533 4484 Number of processors: 2
16:56:43.0533 4484 Page size: 0x1000
16:56:43.0533 4484 Boot type: Normal boot
16:56:43.0533 4484 ============================================================
16:56:44.0100 4484 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:56:44.0103 4484 ============================================================
16:56:44.0103 4484 \Device\Harddisk0\DR0:
16:56:44.0104 4484 MBR partitions:
16:56:44.0104 4484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
16:56:44.0104 4484 ============================================================
16:56:44.0136 4484 C: <-> \Device\Harddisk0\DR0\Partition0
16:56:44.0136 4484 ============================================================
16:56:44.0136 4484 Initialize success
16:56:44.0136 4484 ============================================================
16:56:56.0564 2888 ============================================================
16:56:56.0564 2888 Scan started
16:56:56.0564 2888 Mode: Manual; TDLFS;
16:56:56.0564 2888 ============================================================
16:56:58.0074 2888 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:56:58.0079 2888 1394ohci - ok
16:56:58.0151 2888 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:56:58.0159 2888 ACPI - ok
16:56:58.0192 2888 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:56:58.0196 2888 AcpiPmi - ok
16:56:58.0251 2888 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
16:56:58.0269 2888 ADIHdAudAddService - ok
16:56:58.0409 2888 AdobeActiveFileMonitor10.0 (c245e08ec469a52a622efdc9787a0dcc) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
16:56:58.0419 2888 AdobeActiveFileMonitor10.0 - ok
16:56:58.0479 2888 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:56:58.0498 2888 adp94xx - ok
16:56:58.0544 2888 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:56:58.0558 2888 adpahci - ok
16:56:58.0580 2888 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:56:58.0585 2888 adpu320 - ok
16:56:58.0619 2888 AEADIFilters (4dc6b0772d1698f04fc79053a21c8260) C:\Windows\system32\AEADISRV.EXE
16:56:58.0623 2888 AEADIFilters - ok
16:56:58.0662 2888 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:56:58.0665 2888 AeLookupSvc - ok
16:56:58.0743 2888 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
16:56:58.0759 2888 AFD - ok
16:56:58.0791 2888 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:56:58.0795 2888 agp440 - ok
16:56:58.0810 2888 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:56:58.0813 2888 aic78xx - ok
16:56:58.0867 2888 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:56:58.0871 2888 ALG - ok
16:56:58.0899 2888 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:56:58.0902 2888 aliide - ok
16:56:58.0925 2888 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:56:58.0929 2888 amdagp - ok
16:56:58.0944 2888 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:56:58.0946 2888 amdide - ok
16:56:58.0956 2888 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:56:58.0959 2888 AmdK8 - ok
16:56:58.0982 2888 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:56:58.0989 2888 AmdPPM - ok
16:56:59.0024 2888 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:56:59.0028 2888 amdsata - ok
16:56:59.0049 2888 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:56:59.0055 2888 amdsbs - ok
16:56:59.0074 2888 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:56:59.0078 2888 amdxata - ok
16:56:59.0135 2888 AMPPAL (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\AMPPAL.sys
16:56:59.0151 2888 AMPPAL - ok
16:56:59.0165 2888 AMPPALP (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\amppal.sys
16:56:59.0168 2888 AMPPALP - ok
16:56:59.0318 2888 AMPPALR3 (ef4022e9c59b20438c1304424d9441f4) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:56:59.0349 2888 AMPPALR3 - ok
16:56:59.0383 2888 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:56:59.0386 2888 AppID - ok
16:56:59.0427 2888 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:56:59.0430 2888 AppIDSvc - ok
16:56:59.0481 2888 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
16:56:59.0484 2888 Appinfo - ok
16:56:59.0569 2888 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:56:59.0572 2888 Apple Mobile Device - ok
16:56:59.0617 2888 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:56:59.0621 2888 AppMgmt - ok
16:56:59.0667 2888 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:56:59.0670 2888 arc - ok
16:56:59.0694 2888 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:56:59.0698 2888 arcsas - ok
16:56:59.0796 2888 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:56:59.0799 2888 aspnet_state - ok
16:56:59.0834 2888 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
16:56:59.0841 2888 aswFsBlk - ok
16:56:59.0884 2888 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
16:56:59.0889 2888 aswMonFlt - ok
16:56:59.0919 2888 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
16:56:59.0925 2888 aswRdr - ok
16:56:59.0961 2888 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
16:56:59.0980 2888 aswSnx - ok
16:57:00.0011 2888 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
16:57:00.0027 2888 aswSP - ok
16:57:00.0038 2888 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
16:57:00.0042 2888 aswTdi - ok
16:57:00.0057 2888 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:57:00.0060 2888 AsyncMac - ok
16:57:00.0096 2888 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:57:00.0099 2888 atapi - ok
16:57:00.0150 2888 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:57:00.0166 2888 AudioEndpointBuilder - ok
16:57:00.0173 2888 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:57:00.0177 2888 Audiosrv - ok
16:57:00.0241 2888 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:57:00.0243 2888 avast! Antivirus - ok
16:57:00.0271 2888 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
16:57:00.0275 2888 AxInstSV - ok
16:57:00.0316 2888 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:57:00.0335 2888 b06bdrv - ok
16:57:00.0377 2888 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:57:00.0393 2888 b57nd60x - ok
16:57:00.0441 2888 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:57:00.0445 2888 BDESVC - ok
16:57:00.0455 2888 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:57:00.0458 2888 Beep - ok
16:57:00.0520 2888 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
16:57:00.0536 2888 BFE - ok
16:57:00.0593 2888 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
16:57:00.0629 2888 BITS - ok
16:57:00.0638 2888 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:57:00.0640 2888 blbdrive - ok
16:57:00.0712 2888 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:57:00.0729 2888 Bonjour Service - ok
16:57:00.0771 2888 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:57:00.0786 2888 bowser - ok
16:57:00.0811 2888 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:57:00.0814 2888 BrFiltLo - ok
16:57:00.0831 2888 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:57:00.0835 2888 BrFiltUp - ok
16:57:00.0856 2888 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
16:57:00.0860 2888 Browser - ok
16:57:00.0892 2888 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:57:00.0907 2888 Brserid - ok
16:57:00.0927 2888 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:57:00.0931 2888 BrSerWdm - ok
16:57:00.0963 2888 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:57:00.0966 2888 BrUsbMdm - ok
16:57:00.0981 2888 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:57:00.0984 2888 BrUsbSer - ok
16:57:01.0050 2888 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
16:57:01.0053 2888 BthEnum - ok
16:57:01.0075 2888 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:57:01.0079 2888 BTHMODEM - ok
16:57:01.0115 2888 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
16:57:01.0120 2888 BthPan - ok
16:57:01.0169 2888 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
16:57:01.0185 2888 BTHPORT - ok
16:57:01.0223 2888 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:57:01.0227 2888 bthserv - ok
16:57:01.0300 2888 BTHSSecurityMgr (8893814133afdd17431e2682ede2dce9) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:57:01.0304 2888 BTHSSecurityMgr - ok
16:57:01.0317 2888 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
16:57:01.0320 2888 BTHUSB - ok
16:57:01.0339 2888 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
16:57:01.0346 2888 btusbflt - ok
16:57:01.0404 2888 BTWAMPFL (8e8fab65326c4f35ffe2026cb3be396d) C:\Windows\system32\DRIVERS\btwampfl.sys
16:57:01.0422 2888 BTWAMPFL - ok
16:57:01.0454 2888 btwaudio (b25f9c5219d6f153066d1503110330e4) C:\Windows\system32\drivers\btwaudio.sys
16:57:01.0458 2888 btwaudio - ok
16:57:01.0475 2888 btwavdt (9d4a35cef4d539008ea4226e33a700de) C:\Windows\system32\DRIVERS\btwavdt.sys
16:57:01.0480 2888 btwavdt - ok
16:57:01.0499 2888 BTWDPAN (b5bb5531f92234db3602b60819de3158) C:\Windows\system32\DRIVERS\btwdpan.sys
16:57:01.0503 2888 BTWDPAN - ok
16:57:01.0515 2888 btwl2cap (80ee715e92364861262b75c84b2654ce) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:57:01.0518 2888 btwl2cap - ok
16:57:01.0536 2888 btwrchid (b1f85b4985a6419e3fcddcb251547130) C:\Windows\system32\DRIVERS\btwrchid.sys
16:57:01.0539 2888 btwrchid - ok
16:57:01.0571 2888 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:57:01.0574 2888 cdfs - ok
16:57:01.0612 2888 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:57:01.0616 2888 cdrom - ok
16:57:01.0648 2888 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:57:01.0651 2888 CertPropSvc - ok
16:57:01.0672 2888 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:57:01.0675 2888 circlass - ok
16:57:01.0704 2888 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:57:01.0720 2888 CLFS - ok
16:57:01.0895 2888 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:57:01.0899 2888 clr_optimization_v2.0.50727_32 - ok
16:57:01.0962 2888 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:57:01.0990 2888 clr_optimization_v4.0.30319_32 - ok
16:57:02.0009 2888 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:02.0011 2888 CmBatt - ok
16:57:02.0033 2888 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:57:02.0036 2888 cmdide - ok
16:57:02.0079 2888 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
16:57:02.0097 2888 CNG - ok
16:57:02.0120 2888 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:57:02.0123 2888 Compbatt - ok
16:57:02.0135 2888 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:57:02.0138 2888 CompositeBus - ok
16:57:02.0145 2888 COMSysApp - ok
16:57:02.0165 2888 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:57:02.0168 2888 crcdisk - ok
16:57:02.0226 2888 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
16:57:02.0231 2888 CryptSvc - ok
16:57:02.0276 2888 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:57:02.0293 2888 CSC - ok
16:57:02.0327 2888 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
16:57:02.0350 2888 CscService - ok
16:57:02.0392 2888 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:57:02.0411 2888 DcomLaunch - ok
16:57:02.0439 2888 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:57:02.0456 2888 defragsvc - ok
16:57:02.0523 2888 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
16:57:02.0527 2888 DfsC - ok
16:57:02.0563 2888 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
16:57:02.0578 2888 Dhcp - ok
16:57:02.0597 2888 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:57:02.0600 2888 discache - ok
16:57:02.0628 2888 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:57:02.0632 2888 Disk - ok
16:57:02.0686 2888 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
16:57:02.0690 2888 Dnscache - ok
16:57:02.0737 2888 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
16:57:02.0753 2888 dot3svc - ok
16:57:02.0776 2888 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
16:57:02.0782 2888 DPS - ok
16:57:02.0814 2888 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:57:02.0817 2888 drmkaud - ok
16:57:02.0894 2888 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:57:02.0926 2888 DXGKrnl - ok
16:57:02.0971 2888 e1express (339cbffbbc29580dbc3b235f2fb74f74) C:\Windows\system32\DRIVERS\e1e6232.sys
16:57:02.0985 2888 e1express - ok
16:57:03.0005 2888 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:57:03.0010 2888 EapHost - ok
16:57:03.0193 2888 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:57:03.0291 2888 ebdrv - ok
16:57:03.0408 2888 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
16:57:03.0413 2888 EFS - ok
16:57:03.0488 2888 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
16:57:03.0518 2888 ehRecvr - ok
16:57:03.0551 2888 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:57:03.0555 2888 ehSched - ok
16:57:03.0619 2888 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:57:03.0660 2888 elxstor - ok
16:57:03.0677 2888 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:57:03.0680 2888 ErrDev - ok
16:57:03.0736 2888 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:57:03.0750 2888 EventSystem - ok
16:57:03.0865 2888 EvtEng (b6c691d8cae275ed9b2782e62626f36a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:57:03.0907 2888 EvtEng - ok
16:57:03.0936 2888 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:57:03.0949 2888 exfat - ok
16:57:03.0978 2888 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:57:03.0983 2888 fastfat - ok
16:57:04.0030 2888 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
16:57:04.0053 2888 Fax - ok
16:57:04.0071 2888 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:57:04.0073 2888 fdc - ok
16:57:04.0094 2888 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:57:04.0098 2888 fdPHost - ok
16:57:04.0110 2888 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:57:04.0115 2888 FDResPub - ok
16:57:04.0126 2888 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:57:04.0129 2888 FileInfo - ok
16:57:04.0142 2888 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:57:04.0146 2888 Filetrace - ok
16:57:04.0250 2888 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:57:04.0285 2888 FLEXnet Licensing Service - ok
16:57:04.0306 2888 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:04.0310 2888 flpydisk - ok
16:57:04.0344 2888 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:57:04.0359 2888 FltMgr - ok
16:57:04.0419 2888 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
16:57:04.0449 2888 FontCache - ok
16:57:04.0522 2888 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:57:04.0525 2888 FontCache3.0.0.0 - ok
16:57:04.0540 2888 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:57:04.0543 2888 FsDepends - ok
16:57:04.0573 2888 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
16:57:04.0576 2888 fssfltr - ok
16:57:04.0711 2888 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:57:04.0762 2888 fsssvc - ok
16:57:04.0898 2888 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
16:57:04.0901 2888 Fs_Rec - ok
16:57:04.0963 2888 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:57:04.0978 2888 fvevol - ok
16:57:05.0020 2888 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:57:05.0023 2888 gagp30kx - ok
16:57:05.0057 2888 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:57:05.0060 2888 GEARAspiWDM - ok
16:57:05.0113 2888 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
16:57:05.0159 2888 gpsvc - ok
16:57:05.0176 2888 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:57:05.0179 2888 hcw85cir - ok
16:57:05.0233 2888 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
16:57:05.0248 2888 HdAudAddService - ok
16:57:05.0295 2888 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:57:05.0308 2888 HDAudBus - ok
16:57:05.0333 2888 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:57:05.0336 2888 HidBatt - ok
16:57:05.0355 2888 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:57:05.0359 2888 HidBth - ok
16:57:05.0377 2888 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:57:05.0380 2888 HidIr - ok
16:57:05.0398 2888 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
16:57:05.0403 2888 hidserv - ok
16:57:05.0434 2888 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:57:05.0438 2888 HidUsb - ok
16:57:05.0502 2888 hitmanpro35 (411bce825fca2b296ff89b833de11321) C:\Windows\system32\drivers\hitmanpro36.sys
16:57:05.0506 2888 hitmanpro35 - ok
16:57:05.0531 2888 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
16:57:05.0537 2888 hkmsvc - ok
16:57:05.0573 2888 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
16:57:05.0593 2888 HomeGroupListener - ok
16:57:05.0631 2888 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
16:57:05.0649 2888 HomeGroupProvider - ok
16:57:05.0680 2888 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:57:05.0684 2888 HpSAMD - ok
16:57:05.0707 2888 HSF_DPV - ok
16:57:05.0712 2888 HSXHWAZL - ok
16:57:05.0782 2888 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:57:05.0813 2888 HTTP - ok
16:57:05.0827 2888 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:57:05.0830 2888 hwpolicy - ok
16:57:05.0884 2888 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:57:05.0888 2888 i8042prt - ok
16:57:05.0930 2888 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys
16:57:05.0933 2888 iaStor - ok
16:57:06.0002 2888 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:57:06.0005 2888 IAStorDataMgrSvc - ok
16:57:06.0059 2888 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
16:57:06.0073 2888 iaStorV - ok
16:57:06.0130 2888 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:57:06.0134 2888 IBMPMDRV - ok
16:57:06.0178 2888 IBMPMSVC (5565982522ee9d4e8921feb304d4226f) C:\Windows\system32\ibmpmsvc.exe
16:57:06.0183 2888 IBMPMSVC - ok
16:57:06.0281 2888 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:57:06.0333 2888 idsvc - ok
16:57:06.0378 2888 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:57:06.0381 2888 iirsp - ok
16:57:06.0445 2888 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
16:57:06.0480 2888 IKEEXT - ok
16:57:06.0510 2888 Intel(R) PROSet Monitoring Service (f2c6fb081b707863a0a21d639f325475) C:\Windows\system32\IProsetMonitor.exe
16:57:06.0516 2888 Intel(R) PROSet Monitoring Service - ok
16:57:06.0527 2888 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:57:06.0530 2888 intelide - ok
16:57:06.0574 2888 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:57:06.0578 2888 intelppm - ok
16:57:06.0591 2888 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:57:06.0596 2888 IPBusEnum - ok
16:57:06.0619 2888 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:57:06.0622 2888 IpFilterDriver - ok
16:57:06.0639 2888 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:57:06.0642 2888 IPMIDRV - ok
16:57:06.0663 2888 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:57:06.0667 2888 IPNAT - ok
16:57:06.0770 2888 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:57:06.0800 2888 iPod Service - ok
16:57:06.0807 2888 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:57:06.0809 2888 IRENUM - ok
16:57:06.0831 2888 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:57:06.0835 2888 isapnp - ok
16:57:06.0862 2888 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:57:06.0871 2888 iScsiPrt - ok
16:57:06.0895 2888 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:57:06.0899 2888 kbdclass - ok
16:57:06.0929 2888 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:57:06.0932 2888 kbdhid - ok
16:57:06.0964 2888 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
16:57:06.0967 2888 KeyIso - ok
16:57:06.0985 2888 KMService (4635935fc972c582632bf45c26bfcb0e) C:\Windows\system32\srvany.exe
16:57:06.0993 2888 KMService - ok
16:57:07.0012 2888 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
16:57:07.0025 2888 KSecDD - ok
16:57:07.0046 2888 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
16:57:07.0051 2888 KSecPkg - ok
16:57:07.0091 2888 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:57:07.0110 2888 KtmRm - ok
16:57:07.0156 2888 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
16:57:07.0174 2888 LanmanServer - ok
16:57:07.0195 2888 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
16:57:07.0208 2888 LanmanWorkstation - ok
16:57:07.0240 2888 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:57:07.0244 2888 lltdio - ok
16:57:07.0304 2888 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:57:07.0318 2888 lltdsvc - ok
16:57:07.0333 2888 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:57:07.0338 2888 lmhosts - ok
16:57:07.0373 2888 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:57:07.0377 2888 LSI_FC - ok
16:57:07.0413 2888 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:57:07.0417 2888 LSI_SAS - ok
16:57:07.0436 2888 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:57:07.0439 2888 LSI_SAS2 - ok
16:57:07.0475 2888 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:57:07.0479 2888 LSI_SCSI - ok
16:57:07.0512 2888 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:57:07.0516 2888 luafv - ok
16:57:07.0541 2888 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
16:57:07.0547 2888 Mcx2Svc - ok
16:57:07.0564 2888 mdmxsdk - ok
16:57:07.0591 2888 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:57:07.0594 2888 megasas - ok
16:57:07.0621 2888 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:57:07.0637 2888 MegaSR - ok
16:57:07.0739 2888 Microsoft SharePoint Workspace Audit Service - ok
16:57:07.0773 2888 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:57:07.0779 2888 MMCSS - ok
16:57:07.0798 2888 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:57:07.0802 2888 Modem - ok
16:57:07.0829 2888 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:57:07.0832 2888 monitor - ok
16:57:07.0861 2888 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:57:07.0864 2888 mouclass - ok
16:57:07.0895 2888 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:57:07.0899 2888 mouhid - ok
16:57:07.0940 2888 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
16:57:07.0944 2888 mountmgr - ok
16:57:08.0006 2888 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:57:08.0010 2888 MozillaMaintenance - ok
16:57:08.0033 2888 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
16:57:08.0038 2888 mpio - ok
16:57:08.0064 2888 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:57:08.0068 2888 mpsdrv - ok
16:57:08.0143 2888 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
16:57:08.0180 2888 MpsSvc - ok
16:57:08.0201 2888 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
16:57:08.0205 2888 MRxDAV - ok
16:57:08.0270 2888 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:57:08.0274 2888 mrxsmb - ok
16:57:08.0299 2888 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:57:08.0315 2888 mrxsmb10 - ok
16:57:08.0332 2888 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:57:08.0336 2888 mrxsmb20 - ok
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Sun Jun 10, 2012 12:32 am

Please read what I actually write, and not what you think I've asked for.

I specifically asked you to post me the last 20 or 30 lines of your log, not for you to post me the log again.

Your TDSSKiller log is a long one and is being cut off by the forum post size limiter, so posting the whole log again just gets me the same log as you posted before.

The information I need to see is contained in the last 20 or 30 lines of the log, so that's all I need to see.

Thanks for letting me know that you no longer use AVG. There's a whole bundle of AVG remnants remaining on your machine, and we'll need to remove them as well, once I've seen the portion of TDSSKiller log that I need to see.
_________________
Gary R Administrator at Malware Removal University



eldoncooper
Junior Member


Joined: 27 Dec 2011
Last Visit: 24 Oct 2012
Posts: 23

Posted: Sun Jun 10, 2012 4:16 am

16:57:26.0998 2888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:57:27.0595 2888 \Device\Harddisk0\DR0 - ok
16:57:27.0598 2888 Boot (0x1200) (26b8825cf0e33a8dd65e56783c8553c1) \Device\Harddisk0\DR0\Partition0
16:57:27.0600 2888 \Device\Harddisk0\DR0\Partition0 - ok
16:57:27.0600 2888 ============================================================
16:57:27.0600 2888 Scan finished
16:57:27.0600 2888 ============================================================
16:57:27.0610 8664 Detected object count: 0
16:57:27.0610 8664 Actual detected object count: 0
Gary R
Posted: Sun Jun 10, 2012 5:21 am

Thanks.

After all that I didn't see what I expected to see, so let's take care of the issues in your OTL logs, and see where that gets us.

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Quote:
Smart Defrag 2


IOBit are a company with a well-established record of stealing other people's copyrighted work and using it in their own creations. I would not recommend anyone to use their products.

Reboot your computer when finished.

Next

Download and run this AVG removal tool .... http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

Reboot your computer when finished.

Next


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:OTL
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
DRV - [2011/12/29 14:23:23 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-709897677-3684748101-1059447926-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={44E7CD3B-2CEC-45CB-9CD1-1842BC620284}&mid=fbda8b7f780c42259ae87b5667fd7c30-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=us&ds=AVG&pr=pa&d=2011-12-07 03:38:06&v=9.0.0.18&sap=dsp&q={searchTerms}
[2012/01/19 17:14:25 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
[2012/06/08 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{8FCB5055-B154-47A5-8614-77ACA654B97D}
[2012/06/08 13:01:40 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C4EE3DAE-5B49-4D94-986F-B3C0002CC837}
[2012/06/08 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{13CAA70A-8E9E-4A01-963F-7ECDBB70C061}
[2012/06/08 00:48:06 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3844A07D-1AE0-4C60-A70B-4E631DF86C27}
[2012/06/06 16:24:24 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{02F86E8C-F034-42E8-90C8-51C3C4B26F5F}
[2012/06/06 16:23:16 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{E6A033DC-564A-438E-BC6F-EA4F2D61510D}
[2012/06/02 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C7408793-0A15-48FA-8FA3-07976793E270}
[2012/06/02 14:15:58 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{5ADA54A4-CE20-4DFA-9EE1-AC2FF8C49378}
[2012/05/31 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{A26D8B6F-35E8-45C6-A771-CCE288681434}
[2012/05/31 23:05:49 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3198D189-7E34-4D5B-8872-AACB4C3E969D}
[2012/05/30 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{560CFFD7-3B45-4ADA-A36E-0A8176A1C309}
[2012/05/30 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{40F4FD13-BD3F-449F-A205-A9EC5F5B399D}
[2012/05/28 11:31:43 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2C046B8D-6938-4644-B1E4-DC66001330EC}
[2012/05/28 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{51FFFEB8-4A86-4E50-ACA6-9978DF3918AD}
[2012/05/28 02:37:42 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{6343A432-E7F2-4065-9478-0AB735342AA7}
[2012/05/28 02:37:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C46F7F55-BB6E-49A7-BBB8-B268D7C1509E}
[2012/05/24 23:51:31 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{3E725D63-3680-481C-9BA3-B157BA9C89A7}
[2012/05/24 23:51:20 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{230C60F5-4B4A-42F0-A1EC-9BDC7F5D7813}
[2012/05/23 21:10:25 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{506B8F36-BDC3-4218-916F-54F21F1B9588}
[2012/05/22 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F6F13FE9-5ED4-49CB-BED6-A0FC7E2EAD9B}
[2012/05/22 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{CCCDBC48-3776-476D-AF6B-D720C49BD299}
[2012/05/22 15:29:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{FC17C034-798C-4290-B4E9-56B36F11E63F}
[2012/05/22 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C2FB0F06-73FE-4748-BAF1-CDC49B3A26C7}
[2012/05/22 15:24:43 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F8CA8466-EE99-47A3-B9CF-17BD971F1A4A}
[2012/05/22 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{27BBB63B-93A7-4A79-B550-67605206D6DA}
[2012/05/22 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C155A875-C1E8-4B56-948E-997FBD8464D8}
[2012/05/20 17:12:55 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{60C13C44-89B4-40A0-B558-B33D6700D602}
[2012/05/20 17:12:44 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F66E04B2-350D-49DC-80A8-DD87B59D385B}
[2012/05/19 13:59:22 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{9C11958B-CA86-422B-8617-A75FC5D4D9AE}
[2012/05/19 13:59:02 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{43B07AB4-3E3A-4721-8B13-21CD5680264D}
[2012/05/18 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{F1FE3035-A1E9-494E-A3FF-FBE89FCF8B31}
[2012/05/18 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{AD2C3232-D5B2-4F4A-85F5-B635957126B3}
[2012/05/15 06:38:56 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{675FE08C-9F07-4FBA-9DE8-8DFCED80DB0D}
[2012/05/15 06:38:36 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{C5F91FC6-A50D-4AEF-865F-1E12ED111CDC}
[2012/05/14 22:49:47 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{9289F08B-9120-435C-9E33-D9C8CCF8AE97}
[2012/05/14 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{B389E016-299F-467F-A677-3DBA87EDAABD}
[2012/05/14 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2EF062A7-428E-4C1D-A922-5D7B36E8D2D4}
[2012/05/14 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{746569D9-02C3-4E3F-8F2E-C7EE71E265AA}
[2012/05/14 01:47:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{21FE0D61-5539-4D41-979D-273C61DBF64C}
[2012/05/14 01:47:15 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{94DD8F9C-A3C4-4BDC-971F-C4290463A34D}
[2012/05/13 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{433F4CE5-72D8-43E8-BD7E-910C38D61554}
[2012/05/13 13:48:01 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{6A88D5C6-1BA9-4B25-AC4A-FEDD9ECB110A}
[2012/05/12 17:53:54 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{FD59226C-3768-45F4-8AB4-CFD96C3A0F80}
[2012/05/12 17:53:42 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{37E97F5D-6A63-47B0-AC3D-8FFA5ECDD3A6}
[2012/05/12 12:37:11 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{BF2E5C64-8A2D-4FB6-AD4C-DBA13530C7B3}
[2012/05/12 12:36:57 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{1CF4593F-49D6-414D-A0BF-2F89E717CA1C}
[2012/05/12 08:12:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{79E9A468-1078-40FD-ACFB-09623B0E9982}
[2012/05/12 08:12:14 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{47BBD7FE-743B-4E60-87F6-D4D4C64EF876}
[2012/05/11 18:54:27 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{53D5CDF0-ACBF-4E4E-ACC8-F55E3F97FFE9}
[2012/05/11 18:54:16 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{CC18CA34-0D9B-4D35-9B05-0C633E33B92F}
[2012/05/11 17:50:12 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{8018244A-BE36-4E86-AD9E-617BCB417954}
[2012/05/11 17:50:01 | 000,000,000 | ---D | C] -- C:\Users\SeizeTheMemories\AppData\Local\{2AFFC383-3C53-4E8D-83B6-3ED95658A2B1}

:Files
C:\Windows\System32\drivers\SmartDefragDriver.sys
C:\Users\SeizeTheMemories\AppData\Roaming\AVG10
C:\Users\SeizeTheMemories\AppData\Roaming\IObit
C:\Program Files\AVG
C:\Program Files\IObit
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17D2A924-849A-43CA-9B2E-38DCE566A008}"=-
"{29E073BC-73BD-4668-A22A-C80A84273FFD}"=-
"{5FC11306-816F-4E7A-8DBE-EE3D5BB4B93C}"=-
"{780CACCD-C04F-4235-B519-03C8E5BF7ADD}"=-
"{A6FD8BFD-967D-4022-A709-5B974F24AF7B}"=-
"{CC98184A-53DA-48EE-B352-4B58A4162C94}"=-
"{D3597E82-7419-4BD4-A628-AF43A9201CA4}"=-
"{E487202A-1443-46CC-89E2-66858B7AC850}"=-
"{EA6CB6F5-A3E1-4E6E-BAC9-C89BC6010CC5}"=-
"{EB3282AC-EA4A-4DA7-AB32-50C2CBC17B94}"=-

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please download Malwarebytes' Anti-Malware to your Desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.



  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.

    • Click the Updates tab.

      • Click Check for Updates and allow the programme to download the latest definitions.

    • Click the Scanner tab.

      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.

        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.

      • Post the log in your next reply please.




You can also access the log by doing the following

  • Click on the Logs tab.

    • Click on the log at the bottom of those listed to highlight it.
    • Click Open



Summary of the logs I need from you in your next post:

  • OTL fix log
  • MBAM log
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
eldoncooper
Posted: Sun Jun 10, 2012 6:31 am

Let me do some tests and I'll let you know of system changes.


All processes killed
========== OTL ==========
Service hitmanpro35 stopped successfully!
Service hitmanpro35 deleted successfully!
C:\Windows\System32\drivers\hitmanpro36.sys moved successfully.
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\System32\drivers\SmartDefragDriver.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-709897677-3684748101-1059447926-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
C:\Users\SeizeTheMemories\AppData\Local\{8FCB5055-B154-47A5-8614-77ACA654B97D} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{C4EE3DAE-5B49-4D94-986F-B3C0002CC837} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{13CAA70A-8E9E-4A01-963F-7ECDBB70C061} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{3844A07D-1AE0-4C60-A70B-4E631DF86C27} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{02F86E8C-F034-42E8-90C8-51C3C4B26F5F} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{E6A033DC-564A-438E-BC6F-EA4F2D61510D} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{C7408793-0A15-48FA-8FA3-07976793E270} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{5ADA54A4-CE20-4DFA-9EE1-AC2FF8C49378} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{A26D8B6F-35E8-45C6-A771-CCE288681434} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{3198D189-7E34-4D5B-8872-AACB4C3E969D} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{560CFFD7-3B45-4ADA-A36E-0A8176A1C309} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{40F4FD13-BD3F-449F-A205-A9EC5F5B399D} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{2C046B8D-6938-4644-B1E4-DC66001330EC} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{51FFFEB8-4A86-4E50-ACA6-9978DF3918AD} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{6343A432-E7F2-4065-9478-0AB735342AA7} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{C46F7F55-BB6E-49A7-BBB8-B268D7C1509E} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{3E725D63-3680-481C-9BA3-B157BA9C89A7} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{230C60F5-4B4A-42F0-A1EC-9BDC7F5D7813} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{506B8F36-BDC3-4218-916F-54F21F1B9588} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{F6F13FE9-5ED4-49CB-BED6-A0FC7E2EAD9B} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{CCCDBC48-3776-476D-AF6B-D720C49BD299} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{FC17C034-798C-4290-B4E9-56B36F11E63F} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{C2FB0F06-73FE-4748-BAF1-CDC49B3A26C7} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{F8CA8466-EE99-47A3-B9CF-17BD971F1A4A} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{27BBB63B-93A7-4A79-B550-67605206D6DA} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{C155A875-C1E8-4B56-948E-997FBD8464D8} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{60C13C44-89B4-40A0-B558-B33D6700D602} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{F66E04B2-350D-49DC-80A8-DD87B59D385B} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{9C11958B-CA86-422B-8617-A75FC5D4D9AE} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{43B07AB4-3E3A-4721-8B13-21CD5680264D} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{F1FE3035-A1E9-494E-A3FF-FBE89FCF8B31} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{AD2C3232-D5B2-4F4A-85F5-B635957126B3} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{675FE08C-9F07-4FBA-9DE8-8DFCED80DB0D} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{C5F91FC6-A50D-4AEF-865F-1E12ED111CDC} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{9289F08B-9120-435C-9E33-D9C8CCF8AE97} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{B389E016-299F-467F-A677-3DBA87EDAABD} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{2EF062A7-428E-4C1D-A922-5D7B36E8D2D4} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{746569D9-02C3-4E3F-8F2E-C7EE71E265AA} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{21FE0D61-5539-4D41-979D-273C61DBF64C} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{94DD8F9C-A3C4-4BDC-971F-C4290463A34D} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{433F4CE5-72D8-43E8-BD7E-910C38D61554} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{6A88D5C6-1BA9-4B25-AC4A-FEDD9ECB110A} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{FD59226C-3768-45F4-8AB4-CFD96C3A0F80} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{37E97F5D-6A63-47B0-AC3D-8FFA5ECDD3A6} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{BF2E5C64-8A2D-4FB6-AD4C-DBA13530C7B3} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{1CF4593F-49D6-414D-A0BF-2F89E717CA1C} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{79E9A468-1078-40FD-ACFB-09623B0E9982} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{47BBD7FE-743B-4E60-87F6-D4D4C64EF876} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{53D5CDF0-ACBF-4E4E-ACC8-F55E3F97FFE9} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{CC18CA34-0D9B-4D35-9B05-0C633E33B92F} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{8018244A-BE36-4E86-AD9E-617BCB417954} folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Local\{2AFFC383-3C53-4E8D-83B6-3ED95658A2B1} folder moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\drivers\SmartDefragDriver.sys not found.
C:\Users\SeizeTheMemories\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\SeizeTheMemories\AppData\Roaming\IObit folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons\default folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\libs folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old folder moved successfully.
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files\IObit folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SeizeTheMemories\Downloads\cmd.bat deleted successfully.
C:\Users\SeizeTheMemories\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17D2A924-849A-43CA-9B2E-38DCE566A008} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17D2A924-849A-43CA-9B2E-38DCE566A008}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29E073BC-73BD-4668-A22A-C80A84273FFD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29E073BC-73BD-4668-A22A-C80A84273FFD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FC11306-816F-4E7A-8DBE-EE3D5BB4B93C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FC11306-816F-4E7A-8DBE-EE3D5BB4B93C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{780CACCD-C04F-4235-B519-03C8E5BF7ADD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{780CACCD-C04F-4235-B519-03C8E5BF7ADD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6FD8BFD-967D-4022-A709-5B974F24AF7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FD8BFD-967D-4022-A709-5B974F24AF7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC98184A-53DA-48EE-B352-4B58A4162C94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC98184A-53DA-48EE-B352-4B58A4162C94}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3597E82-7419-4BD4-A628-AF43A9201CA4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3597E82-7419-4BD4-A628-AF43A9201CA4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E487202A-1443-46CC-89E2-66858B7AC850} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E487202A-1443-46CC-89E2-66858B7AC850}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA6CB6F5-A3E1-4E6E-BAC9-C89BC6010CC5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6CB6F5-A3E1-4E6E-BAC9-C89BC6010CC5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB3282AC-EA4A-4DA7-AB32-50C2CBC17B94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB3282AC-EA4A-4DA7-AB32-50C2CBC17B94}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: SeizeTheMemories
->Temp folder emptied: 32056019 bytes
->Temporary Internet Files folder emptied: 6796681 bytes
->Java cache emptied: 22125392 bytes
->FireFox cache emptied: 384029616 bytes
->Flash cache emptied: 73109 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 2339832744 bytes

Total Files Cleaned = 2,656.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.47.0 log created on 06102012_101032

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
SeizeTheMemories :: SEIZETHEMEMOR [administrator]

Protection: Disabled

6/10/2012 10:21:06 AM
mbam-log-2012-06-10 (10-21-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211601
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\SeizeTheMemories\Downloads\PDFReaderSetup_V3.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.

(end)
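
A triage sketch for the kind of OTL fix log posted above, added here as an illustration; it is not part of the original thread and not OTL's own code. The sample lines are a constructed excerpt in the shape of that log, and the outcome labels (`ok`, `not_found`, `error`, `deferred`) and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed excerpt: one or two lines of each kind, in the shape of the
# OTL fix log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service hitmanpro35 stopped successfully!
Service hitmanpro35 deleted successfully!
C:\Windows\System32\drivers\hitmanpro36.sys moved successfully.
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\System32\drivers\SmartDefragDriver.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
========== FILES ==========
File\Folder C:\Windows\System32\drivers\SmartDefragDriver.sys not found.
C:\Program Files\AVG folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Section banners look like "========== FILES ==========".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A failed move that the tool queued for the next boot.
DEFERRED_RE = re.compile(
    r"File move failed\.\s+(.*?)\s+scheduled to be moved on reboot", re.I
)


def classify(line):
    """Map one log line to an outcome label (labels are this example's own)."""
    low = line.lower()
    if "scheduled to be moved on reboot" in low:
        return "deferred"      # not removed yet; verify after the reboot
    if low.startswith("error:") or "failed" in low:
        return "error"
    if "not found" in low:
        return "not_found"     # target was already absent; nothing removed
    if "successfully" in low:
        return "ok"
    return "info"


def parse_fix_log(text):
    """Return a list of (section, outcome, line) for every non-blank line."""
    section = "PREAMBLE"
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        entries.append((section, classify(line), line))
    return entries


def summarize(entries):
    """Count outcomes across the whole log."""
    return Counter(outcome for _, outcome, _ in entries)


def follow_up(entries):
    """Lines a helper should look at again: errors and deferred moves."""
    return [e for e in entries if e[1] in ("error", "deferred")]


def pending_reboot_paths(entries):
    """Paths queued for removal at reboot, to re-check once the machine is up."""
    paths = []
    for _, outcome, line in entries:
        match = DEFERRED_RE.search(line)
        if outcome == "deferred" and match:
            paths.append(match.group(1))
    return paths


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for section, outcome, line in follow_up(parsed):
        print(f"[{section}] {outcome}: {line}")
    print("re-check after reboot:", pending_reboot_paths(parsed))
```
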
eldoncooper
Posted: Mon Jun 11, 2012 5:37 am    Post subject: System improvements

System is much more responsive.
Processing speed is up, and lag time is much reduced.
Thank you for your great help.
This is always where I go when I have exhausted all my skills.
Gary R
Posted: Mon Jun 11, 2012 6:06 am

Glad to hear that your computer is behaving better.

Before we finish I'd like to run a general scan with one of the online AV scanners, just to make sure we haven't missed anything.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)

eldoncooper
Posted: Tue Jun 12, 2012 8:34 am    Post subject: OMG

When this showed up, I ran the same scan on my other 2 network computers.
They're all infected.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=46312a369f0fb74ebf6637f1baa7578a
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-11 07:45:18
# local_time=2012-06-11 03:45:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 22924288 22924288 0 0
# compatibility_mode=5893 16776574 100 94 22954790 90975064 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=297651
# found=16
# cleaned=0
# scan_time=13645
C:\Program Files\Microsoft Office\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe a variant of Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\234 PhotoShop Plugins.iso multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Digimation Fractal Flow 1.1\Digimation Fractal Flow 1.1.rar probably a variant of Win32/PSW.LdPinch.CVWKGYC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Lux 1.0.1\Trapcode Lux 1.0.1.rar probably a variant of Win32/Agent.DYALQLT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Particular 1.0.1\Trapcode Particular 1.0.1.rar probably a variant of Win32/Agent.DYALQLT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Zaxwerks 3D Invigorator Pro 4.0.3\Zaxwerks 3D Invigorator Pro 4.0.3.rar probably a variant of Win32/Agent.FWPLVTU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\Imagenomic Portraiture v.2.3 Windows 7 Compatible\Keygen\keygen.exe.old a variant of Win32/Keygen.CX application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\AppData\Local\temp\19666562.Uninstall\Uninstall.exe a variant of Win32/InstallCore.Q application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\2_Snow_and_2_Sand_Brushes_For_Photoshop_downloader.exe a variant of Win32/ExpressFiles application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\chatvibes108.exe a variant of Win32/MessengerPlus.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\cursors.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff(1).exe probably a variant of Win32/Adware.EZRPLFB application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff.exe probably a variant of Win32/Adware.EZRPLFB application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=46312a369f0fb74ebf6637f1baa7578a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-12 04:24:34
# local_time=2012-06-12 12:24:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 22995894 22995894 0 0
# compatibility_mode=5893 16776574 100 94 23026396 91046670 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=392905
# found=16
# cleaned=0
# scan_time=16396
C:\Program Files\Microsoft Office\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe a variant of Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\234 PhotoShop Plugins.iso multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Digimation Fractal Flow 1.1\Digimation Fractal Flow 1.1.rar probably a variant of Win32/PSW.LdPinch.CVWKGYC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Lux 1.0.1\Trapcode Lux 1.0.1.rar probably a variant of Win32/Agent.DYALQLT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Particular 1.0.1\Trapcode Particular 1.0.1.rar probably a variant of Win32/Agent.DYALQLT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Zaxwerks 3D Invigorator Pro 4.0.3\Zaxwerks 3D Invigorator Pro 4.0.3.rar probably a variant of Win32/Agent.FWPLVTU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\Imagenomic Portraiture v.2.3 Windows 7 Compatible\Keygen\keygen.exe.old a variant of Win32/Keygen.CX application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\AppData\Local\temp\19666562.Uninstall\Uninstall.exe a variant of Win32/InstallCore.Q application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\2_Snow_and_2_Sand_Brushes_For_Photoshop_downloader.exe a variant of Win32/ExpressFiles application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\chatvibes108.exe a variant of Win32/MessengerPlus.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\cursors.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff(1).exe probably a variant of Win32/Adware.EZRPLFB application (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff.exe probably a variant of Win32/Adware.EZRPLFB application (unable to clean) 00000000000000000000000000000000 I
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Tue Jun 12, 2012 12:37 pm    Post subject:

I'd like to check the files detected by ESET with a few other anti-virus scanners, since it's not clear to me how positive the identifications were. Installer files like these are often false flagged by heuristic scans because of their functionality.


Quote:
C:\Program Files\Microsoft Office\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
C:\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
C:\Users\Public\Documents\Plugins\234 PhotoShop Plugins.iso
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Digimation Fractal Flow 1.1\Digimation Fractal Flow 1.1.rar
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Lux 1.0.1\Trapcode Lux 1.0.1.rar
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Particular 1.0.1\Trapcode Particular 1.0.1.rar
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Zaxwerks 3D Invigorator Pro 4.0.3\Zaxwerks 3D Invigorator Pro 4.0.3.rar
C:\Users\Public\Documents\Plugins\Not Compatible\Imagenomic Portraiture v.2.3 Windows 7 Compatible\Keygen\keygen.exe.old
C:\Users\SeizeTheMemories\AppData\Local\temp\19666562.Uninstall\Uninstall.exe
C:\Users\SeizeTheMemories\Downloads\2_Snow_and_2_Sand_Brushes_For_Photoshop_downloader.exe
C:\Users\SeizeTheMemories\Downloads\chatvibes108.exe
C:\Users\SeizeTheMemories\Downloads\cursors.exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff(1).exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff.exe


  • Browse to the first file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please.


If you recognise any of the files listed, and know that they come from a legitimate source, please let me know.
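A way to triage an ESET Online Scanner log like the one posted above before deciding what to re-check, as an added example that is not part of the original thread. The line grammar is inferred from the lines in this thread, and the alias table assumes a default Windows Vista/7 install, where `C:\Users\All Users` and `C:\ProgramData\Application Data` both point back at `C:\ProgramData`; the function names are hypothetical.

```python
import re

# Constructed sample: five detection lines copied from the ESET log in this thread.
SAMPLE_LOG = r"""# end=finished
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\234 PhotoShop Plugins.iso multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Lux 1.0.1\Trapcode Lux 1.0.1.rar probably a variant of Win32/Agent.DYALQLT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff(1).exe probably a variant of Win32/Adware.EZRPLFB application (unable to clean) 00000000000000000000000000000000 I
"""

# Assumption: default Vista/7 compatibility links that point back at C:\ProgramData.
ALIASES = [(r"c:\users\all users", r"C:\ProgramData"),
           (r"c:\programdata\application data", r"C:\ProgramData")]

# Grammar inferred from the lines in this thread, not from ESET documentation.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?P<conf>probably a variant of|a variant of) (?P<name>\S+) (?P<kind>\w+)"
    r"|multiple threats) "
    r"\((?P<action>[^)]*)\) [0-9A-Fa-f]+ \w$")

def canonical(path):
    """Rewrite alias prefixes so the same file always maps to one path."""
    for _ in range(len(ALIASES) + 1):
        for alias, real in ALIASES:
            if path.lower().startswith(alias + "\\"):
                path = real + path[len(alias):]
    return path

def parse(log_text):
    """Return {lower-cased canonical path: finding}; header and unmatched lines are skipped."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        key = canonical(m["path"])
        entry = findings.setdefault(key.lower(), {
            "path": key, "name": m["name"] or "multiple threats",
            "kind": m["kind"] or "container",
            "probable": m["conf"] == "probably a variant of", "seen_as": []})
        entry["seen_as"].append(m["path"])  # every alias the scanner reported
    return findings

def triage(findings):
    """Review order: 'trojan' rows, then multi-threat containers, then 'application' rows."""
    rank = {"trojan": 0, "container": 1}
    return sorted(findings.values(),
                  key=lambda f: (rank.get(f["kind"], 2), f["path"].lower()))

if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f["kind"], f["name"], f["probable"], len(f["seen_as"]), f["path"])
```

On the sample, the three `_Setupx.dll` rows collapse into a single file reported under three names, so the count of distinct files to re-check is lower than the log's `found` figure suggests.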
eldoncooper
Junior Member


Joined: 27 Dec 2011
Last Visit: 24 Oct 2012
Posts: 23

Posted: Tue Jun 12, 2012 1:43 pm    Post subject:

1 - ok
2 - yontoo
3 - yontoo
4 - yontoo
5 - too big, deleted
6 - too big, deleted
7 - too big, deleted
8 - too big, deleted,
9 - too big, deleted
10 - installcore
11 - ok
12 - ok
13 - trojangeneric/ibt
14 - yontoo
15 - yontoo
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Tue Jun 12, 2012 2:04 pm    Post subject:

There were 16 files to scan; you've only listed 15.

It's easier if you put the file name with the result against it rather than just a number, that way I'm not going to make any errors about scripting what needs removing.
eldoncooper
Junior Member


Joined: 27 Dec 2011
Last Visit: 24 Oct 2012
Posts: 23

Posted: Tue Jun 12, 2012 2:38 pm    Post subject:

mini-KMS_Activator_v1.053.exe - ok
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll - yontoo
C:\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll - yontoo
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll - yontoo
C:\Users\Public\Documents\Plugins\234 PhotoShop Plugins.iso - too big, deleted
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Digimation Fractal Flow 1.1\Digimation Fractal Flow 1.1.rar - too big, deleted
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Lux 1.0.1\Trapcode Lux 1.0.1.rar - too big, deleted
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Trapcode Particular 1.0.1\Trapcode Particular 1.0.1.rar - too big, deleted
C:\Users\Public\Documents\Plugins\Not Compatible\After Effects 1.0\After Effects CS3\Adobe After Effects Plugins MegaPack\Zaxwerks 3D Invigorator Pro 4.0.3\Zaxwerks 3D Invigorator Pro 4.0.3.rar - too big, deleted
C:\Users\Public\Documents\Plugins\Not Compatible\Imagenomic Portraiture v.2.3 Windows 7 Compatible\Keygen\keygen.exe.old - ok
C:\Users\SeizeTheMemories\AppData\Local\temp\19666562.Uninstall\Uninstall.exe - installcore
C:\Users\SeizeTheMemories\Downloads\2_Snow_and_2_Sand_Brushes_For_Photoshop_downloader.exe - ok
C:\Users\SeizeTheMemories\Downloads\chatvibes108.exe - ok
C:\Users\SeizeTheMemories\Downloads\cursors.exe - trojangeneric/ibt
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff(1).exe - yontoo
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff.exe - yontoo
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Tue Jun 12, 2012 9:18 pm    Post subject:

Thanks. :)

Right, let's get rid of the ones that are infected.


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Files
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
C:\Users\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
C:\Users\SeizeTheMemories\AppData\Local\temp\19666562.Uninstall\Uninstall.exe
C:\Users\SeizeTheMemories\Downloads\cursors.exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff(1).exe
C:\Users\SeizeTheMemories\Downloads\PageRageSetupAff.exe

:Commands
[clearallrestorepoints]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Provided there are no problems, it's not necessary to post me the log.


Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Presuming that OTL has no problems removing those files, then it's time to clear out the programs we've been using to clean your computer.

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet. If your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?

  • If you are let me know about them.
  • If not it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If your computer is running slowly after your clean up, please read.

Gary R
Moderator


Joined: 03 May 2005
Last Visit: 01 Oct 2014
Posts: 9980
Location: Yorkshire

Posted: Thu Jun 14, 2012 10:01 pm    Post subject:

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours